FortiGate Next Generation Firewall (NGFW) Integration

Below is a general guide on how to connect a FortiGate firewall to an external blocklist. Adjust the steps to match your FortiGate model and firmware version. This information is based on the Fortinet documentation: IP Address Threat Feed (FortiOS 7.4.0 Administration Guide).

Attention

Credentials are required to access this data. If you have not yet received trial credentials, please request access: https://www.socfortress.co/contact-us

1) Log into the FortiGate Web Interface

  1. Open your web browser and enter the IP address of your FortiGate firewall admin interface.
  2. Log in using your administrator credentials.

2) Go to the Security Fabric Section

  1. On the left-hand sidebar, click Security Fabric.
  2. In the sub-menu, click External Connectors.
  3. Click Create New.

3) Create a New External Blocklist

  1. On the New External Connector page, scroll to the Threat Feeds section.
  2. Select the type of blocklist you would like to add (for example, IP Address).

4) Add an IP Address Threat Feed

Enter the following details:

  • Name: Give the blocklist a unique name, such as SOCFortress Malicious IP Addresses
  • Update method: Use the default External Feed
  • URI of External Resource: https://fortinet.socfortress.co/ips60day.txt
  • HTTP Basic Auth: Toggle On
  • Username / Password: Enter the credentials you were provided
  • Refresh Rate: Choose how often FortiGate checks the source for updates (in minutes). SOCFortress recommends setting this to 60.
  1. Click OK.
  2. Ensure the toggle on the new connector card is enabled.

5) Add a Domain Threat Feed

Enter the following details:

  • Name: Give the blocklist a unique name, such as SOCFortress Malicious Domains
  • Update method: Use the default External Feed
  • URI of External Resource: https://fortinet.socfortress.co/domains60day.txt
  • HTTP Basic Auth: Toggle On
  • Username / Password: Enter the credentials you were provided
  • Refresh Rate: Choose how often FortiGate checks the source for updates (in minutes). SOCFortress recommends setting this to 60.
  1. Click OK.
  2. Ensure the toggle on the new connector card is enabled.

6) Add a Malware Hash Threat Feed (SHA-256)

Enter the following details:

  • Name: Give the blocklist a unique name, such as SOCFortress Malware Hashes
  • Update method: Use the default External Feed
  • URI of External Resource: https://fortinet.socfortress.co/sha256_60day.txt
  • HTTP Basic Auth: Toggle On
  • Username / Password: Enter the credentials you were provided
  • Refresh Rate: Choose how often FortiGate checks the source for updates (in minutes). SOCFortress recommends setting this to 60.
  1. Click OK.
  2. Ensure the toggle on the new connector card is enabled.

7) Verify the Threat Feeds

Once all feeds have been added, you should see them listed on the External Connectors page.

Screenshot: External Connectors page showing Threat Feeds

8) View Entries in a Feed

  1. On the External Connectors page, mouse over one of the threat feed cards.
  2. Click View Entries to see the current feed contents.

Screenshot: Viewing entries for a domain threat feed
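
To check the credentials and the contents of the three feed types from a workstation, independently of the firewall, the following added example (not part of the SOCFortress or Fortinet documentation) downloads a feed with HTTP Basic Auth and flags entries that do not parse as the expected type. The function names are hypothetical, and the feed layout is an assumption: one entry per line, `#` comment lines, and IP entries given as a single address, a CIDR subnet, or a start-end range.

```python
import base64
import ipaddress
import re
import urllib.request

# Assumed feed layout: one entry per line; blank lines and '#' comments are skipped.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.I)

def _is_ip_entry(entry):
    """Accept a single address, a CIDR subnet, or a start-end range."""
    try:
        if "-" in entry:
            start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            return start.version == end.version and start <= end
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False

CHECKS = {
    "ip": _is_ip_entry,
    "domain": lambda e: bool(DOMAIN_RE.match(e)),
    "sha256": lambda e: bool(SHA256_RE.match(e)),
}

def validate_feed(kind, text):
    """Return (valid_count, [(line_no, entry), ...]) listing entries that fail."""
    check, valid, bad = CHECKS[kind], 0, []
    for no, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        if check(entry):
            valid += 1
        else:
            bad.append((no, entry))
    return valid, bad

def fetch_feed(url, username, password, timeout=30):
    """Download a feed over HTTPS using HTTP Basic Auth."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")

# Constructed sample using documentation address ranges, not real feed data.
SAMPLE_IP_FEED = "# sample\n192.0.2.10\n198.51.100.0/24\n203.0.113.5-203.0.113.9\nnot-an-ip\n"
```

For a live check, pass the output of `fetch_feed(url, username, password)` to `validate_feed` with `"ip"`, `"domain"` or `"sha256"`; an HTTP 401 error from `fetch_feed` indicates the credentials were rejected.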
