To enable scheduled updates – CLI
config system autoupdate schedule
    set status enable
    set frequency {every | daily | weekly}
    set time <hh:mm>
    set day <day_of_week>
end
Push updates
Push updates enable you to get immediate updates when a new virus or intrusion has been discovered and new signatures are created. This ensures that the latest signature is sent to the FortiGate as soon as it is available.
When a push notification occurs, the FortiGuard server sends a notice to the FortiGate that there is a new signature definition file available. The FortiGate then initiates a download of the definition file, similar to the scheduled update.
To ensure maximum security for your network, you should have a scheduled update as well as enable the push update, in case an urgent signature is created and your update cycle only occurs weekly.
To enable push updates – GUI
1. Go to System > FortiGuard.
2. Click the Expand Arrow for AV and IPS Options.
3. Select Allow Push Update.
4. Select Apply.
To enable push updates – CLI
config system autoupdate push-update
    set status enable
end
Push IP override
If the FortiGate is behind another NAT device (or another FortiGate), to ensure it receives the push update notifications, you need to use an override IP address for the notifications. To do this, you create a virtual IP to map to the external port of the NAT device.
Generally speaking, if there are two FortiGate devices as in the diagram below, the following steps need to be completed on the FortiGate NAT device to ensure the FortiGate on the internal network receives the updates:
- Add a port forwarding virtual IP to the FortiGate NAT device that connects to the Internet by going to Firewall Objects > Virtual IP.
- Add a security policy to the FortiGate NAT device that connects to the Internet that includes the port forwarding virtual IP.
- Configure the FortiGate on the internal network with an override push IP and port.
On the FortiGate internal device, the virtual IP is entered as the Use push override IP address.
To enable push update override – GUI
1. Go to System > FortiGuard.
2. Click the Expand Arrow for AV and IPS Options.
3. Select Allow Push Update.
4. Select Use push override IP.
5. Enter the virtual IP address configured on the NAT device.
6. Select Apply.
To enable push update override – CLI
config system autoupdate push-update
    set status enable
    set override enable
    set address <vip_address>
end
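To check a device against the recommendations above, the following added example (not part of the original guide or of Fortinet's tooling) parses a configuration listing and reports when scheduled updates or push updates are off, or when push override is enabled without an address. It assumes a listing in which these settings appear explicitly; the sample configuration and the function names are constructed for illustration.

```python
# Added example. SAMPLE_CONFIG is constructed, not taken from a real device.

SAMPLE_CONFIG = """\
config system autoupdate schedule
    set status enable
    set frequency weekly
end
config system autoupdate push-update
    set status disable
    set override enable
end
"""

def parse_sections(text):
    """Return {section name: {key: value}} for top-level config blocks."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            depth += 1
            if depth == 1:
                current = sections.setdefault(" ".join(words[1:]), {})
        elif words[0] == "end":
            depth -= 1
            if depth == 0:
                current = None
        elif words[0] == "set" and depth == 1 and current is not None and len(words) >= 2:
            current[words[1]] = " ".join(words[2:]).strip('"')
    return sections

def audit_updates(text):
    """Return a list of findings about scheduled and push update settings."""
    cfg = parse_sections(text)
    sched = cfg.get("system autoupdate schedule", {})
    push = cfg.get("system autoupdate push-update", {})
    findings = []
    if sched.get("status") != "enable":
        findings.append("scheduled updates are not enabled")
    if push.get("status") != "enable":
        note = "push updates are not enabled"
        if sched.get("frequency") == "weekly":
            note += "; urgent signatures may wait up to a week"
        findings.append(note)
    if push.get("override") == "enable" and not push.get("address"):
        findings.append("push override is enabled but no override address is set")
    return findings
```

Calling audit_updates(SAMPLE_CONFIG) returns two findings for the constructed sample; a listing with both features enabled and an override address set returns an empty list.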
Configuring Web Filtering and Email Filtering Options
Go to System > FortiGuard, and click the expand arrow to view the Web Filtering and Email Filtering Options, where you set the size of the caches and the ports used.
Web Filter cache TTL
Set the Time To Live value. This is the number of seconds the FortiGate will store a blocked IP or URL locally, which saves the time and network traffic of checking the FortiGuard server. Once the TTL has expired, the FortiGate will contact an FDN server to verify a web address. The TTL must be between 300 and 86400 seconds.
Antispam cache TTL
Set the Time To Live value. This is the number of seconds the FortiGate will store a blocked IP or URL locally, which saves the time and network traffic of checking the FortiGuard server. Once the TTL has expired, the FortiGate will contact an FDN server to verify a web address. The TTL must be between 300 and 86400 seconds.
Port Section
Select the port assignments for contacting the FortiGuard servers. Select the Test Availability button to verify the connection using the selected port.
To have a URL’s category rating re-evaluated, please click here
Select to re-evaluate a URL’s category rating on the FortiGuard Web Filter service.
Email filtering
The FortiGuard data centers monitor and update email databases of known spam sources. With FortiGuard Antispam enabled, the FortiGate verifies incoming email sender addresses and IPs against the database, and takes the necessary action as defined within the antivirus profiles.
Spam source IP addresses can also be cached locally on the FortiGate, providing a quicker response time while easing the load on the FortiGuard servers, which in turn aids a quicker response time for less common email address requests.
By default, the antispam cache is enabled. The cache includes a time-to-live value, which is the amount of time an email address will stay in the cache before expiring. You can change this value to shorten or extend the time between 300 and 86400 seconds.