System Maintenance FortiGuard Center
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 171
3 Select Use override push IP and enter the IP address of the external interface of
the NAT device.
4 Do not change the push update port unless UDP port 9443 is blocked or used by
other services on your network.
5 Select Apply.
The FortiGate unit sends the override push IP address and port to the FDN. The
FDN now uses this IP address and port for push updates to the FortiGate unit on
the internal network. Push updates will not actually work until you add a virtual IP
to the NAT device so that the NAT device accepts push update packets and
forwards them to the FortiGate unit on the internal network.
To add a port forwarding virtual IP to the FortiGate NAT device
Configure the NAT device to use port forwarding to forward push update
connections from the FDN to the FortiGate unit on the internal network.
1 Go to Firewall > Virtual IP and select Create New.
2 Add a port forwarding virtual IP that maps the external interface of the NAT device
to the IP address of the FortiGate unit on the internal network using the push
update UDP port.
3 Select OK.
To add a firewall policy to the FortiGate NAT device
1 Add a new external to internal firewall policy.
2 Configure the policy with the following settings:
3 Select OK.
Note: If the external IP address or external service port changes, add the changes to the
Use override push configuration and select Apply to update the push information on the
FDN.
Virtual IP settings:
Name: Add a name for the Virtual IP.
External Interface: The interface on the NAT device that connects to the Internet.
Type: Static NAT.
External IP Address/Range: The IP address that the FDN connects to in order to send push updates to the FortiGate unit on the internal network. This would usually be the IP address of the external interface of the NAT device. This IP address must be the same as the FortiGuard Center push update override IP of the FortiGate unit on the internal network.
Mapped IP Address/Range: The IP address of the FortiGate unit on the internal network.
Port Forwarding: Select Port Forwarding.
Protocol: UDP
External Service Port: The external service port that the FDN connects to. The external service port for push updates is usually 9443. If you changed the push update port in the FortiGuard Center configuration of the FortiGate unit on the internal network, you must set the external service port to the changed push update port.
Map to Port: The map to port must be the same as the external service port.
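The settings above only work when the override push configuration and the virtual IP agree with each other. The following check is an added example, not part of the Administration Guide or of any Fortinet tool; the class names, function name and sample addresses are hypothetical, and the values are typed in by hand rather than read from a device.

```python
"""Consistency check for FDN push updates through a NAT device (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address

DEFAULT_PUSH_PORT = 9443  # usual push update UDP port per the guide


@dataclass
class PushOverride:  # FortiGuard Center settings on the internal FortiGate unit
    override_ip: str
    push_port: int = DEFAULT_PUSH_PORT


@dataclass
class VirtualIP:  # port forwarding virtual IP on the NAT device
    external_ip: str
    mapped_ip: str
    protocol: str
    external_port: int
    map_to_port: int
    port_forwarding: bool = True


def check_push_path(override, vip, internal_fortigate_ip):
    """Return a list of mismatches that would stop push updates from arriving."""
    problems = []
    if not vip.port_forwarding:
        problems.append("port forwarding is not selected on the virtual IP")
    if vip.protocol.upper() != "UDP":
        problems.append(f"protocol is {vip.protocol}, push updates use UDP")
    if ip_address(vip.external_ip) != ip_address(override.override_ip):
        problems.append("external IP differs from the override push IP")
    if ip_address(vip.mapped_ip) != ip_address(internal_fortigate_ip):
        problems.append("mapped IP is not the internal FortiGate unit")
    if vip.external_port != override.push_port:
        problems.append("external service port differs from the push update port")
    if vip.map_to_port != vip.external_port:
        problems.append("map to port differs from the external service port")
    return problems


# Constructed sample values (documentation address ranges, not from the guide).
GOOD = VirtualIP("203.0.113.10", "192.168.1.99", "UDP", 9443, 9443)
# Push port changed to 9444 on the FortiGate unit, NAT device left at 9443.
STALE = VirtualIP("203.0.113.10", "192.168.1.99", "udp", 9443, 9443)

if __name__ == "__main__":
    print(check_push_path(PushOverride("203.0.113.10"), GOOD, "192.168.1.99"))
    print(check_push_path(PushOverride("203.0.113.10", 9444), STALE, "192.168.1.99"))
```

The second call models the situation in the Note: the push update port was changed on one side only, so the check reports the port mismatch.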