
How to add Internet Service Database services to a group and use the group in policies

This article describes how to add multiple Internet Service Database (ISDB) services to a group and use that group in policies.

Scope

FortiOS 6.2, 6.4, 7.0, 7.2, 7.4.

Solution

This can only be done through the CLI. Use the following commands to create the ISDB group:

Fortigate-HUB # config firewall internet-service-group
Fortigate-HUB (internet-service~oup) # edit ISDB
Fortigate-HUB (ISDB) # show full-configuration
config firewall internet-service-group
edit "ISDB"
set comment ''
set direction both
set member "Microsoft-Azure" "Meta-Other" "Google-Other" "Google-Google.Cloud"
next
end

Fortigate-HUB (ISDB) # append member Amazon-AWS.Cloud9
Fortigate-HUB (ISDB) # show full-configuration
config firewall internet-service-group
edit "ISDB"
set comment ''
set direction both
set member "Microsoft-Azure" "Meta-Other" "Google-Other" "Google-Google.Cloud" "Amazon-AWS.Cloud9"
next
end
Fortigate-HUB (ISDB) # end
Fortigate-HUB #

To add a member to an existing group, use the command ‘append member <service-name>’, as shown above.

Once the group is created, it can be used in policies as shown below (search for the group so that it appears in the dropdown list):
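The same selection made from the CLI, as an added example that is not part of the original article: a firewall policy that uses the "ISDB" group created above as its destination. The policy name, the interfaces port2 and port1, the source address "all" and the NAT and logging settings are assumptions chosen for illustration.

```fortios
# Added example, not from the original article.
# Assumed values: policy name, port2 (inside), port1 (outside), srcaddr "all".
config firewall policy
    edit 0
        set name "Allow-ISDB-Group"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        # Enabling internet-service replaces dstaddr and service in this policy
        set internet-service enable
        set internet-service-group "ISDB"
        set schedule "always"
        set logtraffic all
        set nat enable
    next
end
```

Because the policy matches on the group, any service later added with 'append member' is permitted by this policy as well, so review the group membership whenever it changes.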