Setup Guide
Integrate your device with Threat.live and automatically block malicious IPs
Important Information
This setup applies to FortiGate 6.0 and later. Some commands may differ in older versions.
Create External Connector
Create an external connector for Threat.live on the FortiGate:
config system external-resource
    edit "Threat-Live"
        set type address
        set comments "Threat.live"
        set resource "https://list.threat.live/"
    next
end
Create Firewall Policy
Create a firewall policy to block malicious IPs:
config firewall policy
    edit 0
        set name "Block-Threat-Live-IPs"
        set srcintf "any"
        set dstintf "any"
        set srcaddr "Threat-Live"
        set dstaddr "all"
        set service ALL
        set action deny
        set schedule always
        set status enable
        set logtraffic all
    next
end
Note: If you are using NAT for your internal network, the source interface (srcintf) in the policy should be your WAN interface, and you need to add the Virtual IP or relevant IP addresses to the destination address (dstaddr) and destination interface (dstintf) sections. For the policy to take effect, it must be placed above the relevant Virtual IP definitions.
Setup Completed!
Your FortiGate device will now automatically block malicious IPs from the Threat.live list and stay in sync with it.
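Because the deny policy above matches every address on the list for all interfaces and services, a single bad feed entry (an overly broad prefix, or a range that covers your own admin host) blocks legitimate traffic. The following is an added example, not part of the original guide or of Threat.live's tooling, that audits a saved copy of the list before it is trusted; the feed line format, the prefix thresholds, and the protected ranges are assumptions.

```python
import ipaddress

# Assumed feed format (not stated on the page): one IPv4/IPv6 address, CIDR
# block, or "start-end" range per line; "#" starts a comment.
MIN_PREFIXLEN = {4: 16, 6: 32}  # hypothetical thresholds for "too broad"
PROTECTED = ["10.0.0.0/8", "203.0.113.10/32"]  # constructed: internal LAN, admin host
SAMPLE_FEED = """\
# constructed sample, not real Threat.live data
198.51.100.7
192.0.2.0/24
203.0.113.5-203.0.113.20
10.1.2.3
0.0.0.0/0
not-an-ip
"""

def parse_entry(entry):
    """Return the networks covered by one feed entry, or None if unparsable."""
    try:
        if "-" in entry:
            first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            return list(ipaddress.summarize_address_range(first, last))
        return [ipaddress.ip_network(entry, strict=False)]
    except (ValueError, TypeError):
        return None

def classify(nets, protected):
    """Return the reason an entry is unsafe to block, or None if it looks fine."""
    if nets is None:
        return "unparsable"
    if any(n.prefixlen < MIN_PREFIXLEN[n.version] for n in nets):
        return "too-broad"
    if any(n.version == p.version and n.overlaps(p) for n in nets for p in protected):
        return "overlaps-protected"
    return None

def audit_feed(text, protected_cidrs):
    """Return (line_no, entry, reason) for every entry that should be reviewed."""
    protected = [ipaddress.ip_network(c) for c in protected_cidrs]
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        reason = classify(parse_entry(entry), protected) if entry else None
        if reason:
            findings.append((line_no, entry, reason))
    return findings

if __name__ == "__main__":
    print(*audit_feed(SAMPLE_FEED, PROTECTED), sep="\n")
```

An empty result means no entry in the checked copy is unparsable, broader than the thresholds, or overlapping a protected range; any finding is worth resolving before the deny policy is enabled.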