FortiGuard Management – FortiManager 5.2

Enabling updates through a web proxy

If the FortiManager system’s built-in FDS must connect to the FDN through a web (HTTP or HTTPS) proxy, you can specify the IP address and port of the proxy server.

If the proxy requires authentication, you can also specify a user name and password.

Configuring

To enable updates to the FortiManager system through a proxy:

  1. Go to FortiGuard Management > Advanced Settings.
  2. If configuring a web proxy server to enable web and email filtering updates, expand FortiGuard Web Filterand Email FilterSettings.
  3. If configuring a web proxy to enable antivirus and IPS updates, expand FortiGuard Antivirus and IPS Settings; FortiGuard antivirus and IPS settings.
  4. Select the check box beside Use Web Proxy and type the IP address and port number of the proxy.
  5. If the proxy requires authentication, type the user name and password.
  6. Select Update to immediately connect and receive updates from the FDN.

The FortiManager system connects to the override server and receives updates from the FDN.

  1. Select Apply.

If the FDN connection status is Disconnected, the FortiManager system is unable to connect through the web proxy.

Overriding default IP addresses and ports

FortiManager systems’ built-in FDS connect to the FDN servers using default IP addresses and ports. You can override these defaults if you want to use a port or specific FDN server that is different from the default.

To override default IP addresses and ports:

  1. Go to FortiGuard Management > Advanced Settings.
  2. If you want to override the default IP address or port for synchronizing with available FortiGuard antivirus and IPS updates, select the arrow to expand FortiGuard Antivirus and IPS Settings, then select the check box beside Use Override ServerAddress forFortiGate/FortiMail and type the IP address and/or port number for all FortiGate units.
  3. Select Update to immediately connect and receive updates from the FDN.

The FortiManager system connects to the override server and receives updates from the FDN.

  1. If you want to override the FortiManager system’s default IP address or port for synchronizing with available FortiGuard web and email filtering updates, select the arrow to expand FortiGuard Web Filterand Email Filter Settings.
  2. Select the appropriate check box beside Use Override ServerAddress forFortiGate/FortiMail and/or Use Override ServerAddress forFortiClient and type the IP address and/or port number.
  3. Select Apply.

If the FDN connection status remains disconnected, the FortiManager system is unable to connect with the configured override.

FDN port numbers and protocols

Both the built-in FDS and devices use certain protocols and ports to successfully request and receive updates from the FDN or override server. Any intermediary proxies or firewalls must allow these protocols and ports, or the connection will fail.

After connecting to the FDS, you can verify connection status on the FortiGuard Management page. For more information about connection status, see Connecting the built-in FDS to the FDN.

FortiGuard services

This entry was posted in Administration Guides, FortiManager and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.