Configuring FortiGuard Services System Maintenance
FortiGate Version 4.0 MR1 Administration Guide
322 01-410-89802-20090903
Configuring FortiGuard Services
Go to System > Maintenance > FortiGuard to configure your FortiGate unit to use the
FortiGuard Distribution Network (FDN) and FortiGuard Services. The FDN provides
updates to antivirus definitions, IPS definitions, and the Antispam rule set. FortiGuard
Services include FortiGuard web filtering and the FortiGuard Analysis and Management
Service.
FortiGuard Distribution Network
The FDN is a worldwide network of FortiGuard Distribution Servers (FDS). The FDN
provides updates to antivirus (including grayware) definitions, IPS definitions, and the
antispam rule set. When the FortiGate unit contacts the FDN, it connects to the nearest
FDS based on the current time zone setting.
The FortiGate unit supports the following update options:
• user-initiated updates from the FDN
• hourly, daily, or weekly scheduled antivirus definition, IPS definition, and antispam rule
set updates from the FDN
• push updates from the FDN
• update status including version numbers, expiry dates, and update dates and times
• push updates through a NAT device
Registering your FortiGate unit on the Fortinet Support web page provides a valid license
contract and connection to the FDN. On the Fortinet Support web page, go to Product
Registration and follow the instructions.
The FortiGate unit must be able to connect to the FDN using HTTPS on port 443 to
receive scheduled updates. For more information, see “To enable scheduled updates” on
page 329.
You can also configure the FortiGate unit to receive push updates. When the FortiGate
unit is receiving push updates, the FDN must be able to route packets to the FortiGate unit
using UDP port 9443. For more information, see “Enabling push updates” on page 330. If
the FortiGate unit is behind a NAT device, see “Enabling push updates through a NAT
device” on page 331.
FortiGuard services
Worldwide coverage of FortiGuard services is provided by FortiGuard service points.
When the FortiGate unit is connecting to the FDN, it is connecting to the closest
FortiGuard service point. Fortinet adds new service points as required.
If the closest service point becomes unreachable for any reason, the FortiGate unit
contacts another service point and information is available within seconds. By default, the
FortiGate unit communicates with the service point via UDP on port 53. Alternatively, you
can switch the UDP port used for service point communication to port 8888 by going to
System > Maintenance > FortiGuard.
If you need to change the default FortiGuard service point host name, use the hostname
keyword in the system fortiguard CLI command. You cannot change the FortiGuard
service point name using the web-based manager.
For more information about FortiGuard services, see the FortiGuard Center web page.
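As an added example (not part of the Fortinet guide), the Python below audits an upstream ACL against the three flows this section names: TCP 443 outbound for scheduled updates, UDP 9443 inbound for push updates, and UDP 53 or 8888 outbound to the service point. The Rule model, the first-match evaluation with implicit deny, and the sample ACL are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "permit" or "deny"
    direction: str   # "out" = FortiGate -> Internet, "in" = Internet -> FortiGate
    proto: str       # "tcp", "udp" or "any"
    ports: range     # destination port range

# Flows taken from the guide text; the labels are this example's own.
REQUIRED = {
    "scheduled updates (HTTPS to FDN)": ("out", "tcp", 443),
    "push updates (FDN to unit)": ("in", "udp", 9443),
}
SERVICE_POINT_PORTS = (53, 8888)  # default and alternate UDP port

def verdict(rules, direction, proto, port):
    """First matching rule wins; no match means deny (assumed upstream behaviour)."""
    for r in rules:
        if r.direction == direction and r.proto in (proto, "any") and port in r.ports:
            return r.action == "permit"
    return False

def audit(rules):
    """Return (per-flow pass/fail report, service point ports that get through)."""
    report = {name: verdict(rules, *flow) for name, flow in REQUIRED.items()}
    usable = [p for p in SERVICE_POINT_PORTS if verdict(rules, "out", "udp", p)]
    report["service point (UDP 53 or 8888)"] = bool(usable)
    return report, usable

# Constructed sample ACL for a perimeter device in front of the FortiGate unit.
SAMPLE_ACL = [
    Rule("deny", "out", "udp", range(53, 54)),        # site forces DNS to an internal resolver
    Rule("permit", "out", "tcp", range(443, 444)),
    Rule("permit", "out", "udp", range(1024, 65536)),
    Rule("permit", "in", "udp", range(9000, 9400)),   # stops short of 9443
]

if __name__ == "__main__":
    report, usable = audit(SAMPLE_ACL)
    for name, ok in report.items():
        print(f"{'OK     ' if ok else 'BLOCKED'} {name}")
    print("service point ports that pass:", usable)
```

In the sample, UDP 53 is blocked but 8888 passes, so the unit would need the alternate port selected under System > Maintenance > FortiGuard. Push updates are blocked because the inbound range stops short of 9443.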