System Maintenance FortiGuard Center
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 161
FortiGuard Center
The FortiGuard Center configures your FortiGate unit for the FortiGuard
Distribution Network (FDN) and FortiGuard Services. The FDN provides updates
to antivirus and attack definitions. FortiGuard Services provides online IP address
black list, URL black list, and other spam filtering tools.
FortiGuard Distribution Network
The FortiGuard Distribution Network (FDN) is a world-wide network of FortiGuard
Distribution Servers (FDSs). The FDN provides updates to antivirus (including
grayware) and IPS attack definitions. When the FortiGate unit connects to the
FDN, it connects to the nearest FDS based on the current time zone setting.
The FortiGate unit supports the following update features:
• User-initiated updates from the FDN,
• Hourly, daily, or weekly scheduled antivirus and attack definition updates from
the FDN,
• Push updates from the FDN,
• Update status including version numbers, expiry dates, and update dates and
times,
• Push updates through a NAT device.
You must register the FortiGate unit on the Fortinet support web page. To register
your FortiGate unit, go to Product Registration and follow the instructions.
To receive scheduled updates, the FortiGate unit must be able to connect to the
FDN using HTTPS on port 443. For information about configuring scheduled
updates, see “To enable scheduled updates” on page 167.
You can also configure the FortiGate unit to receive push updates. For this to
succeed, the FDN must be able to route packets to the FortiGate unit using UDP
port 9443. For information about configuring push updates, see “To enable push
updates” on page 168.
FortiGuard Services
Worldwide coverage of FortiGuard services are provided by FortiGuard Service
Points. When your FortiGateunit connects to the FDN, it is connecting to the
closest FortiGuard Service Point. Fortinet adds new Service Points as required.
By default, the FortiGate unit communicates with the closest Service Point. If the
Service Point becomes unreachable for any reason, the FortiGate unit contacts
another Service Point and information is available within seconds. By default, the
FortiGate unit communicates with the Service Point via UDP on port 53.
Alternately, the UDP port used for Service Point communication can be switched
to port 8888 by going to System > Maintenance > FortiGuard Center.
If you need to change the default FortiGuard Service Point host name, use the
hostname keyword in the system fortiguard CLI command. You cannot
change the FortiGuard Service Point name using the web-based manager.
For detailed information about FortiGuard services, see the FortiGuard Center
web page.
To Next Page
Loading...
