Enabling push updates System Maintenance
FortiGate Version 4.0 MR1 Administration Guide
332 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
To configure FortiGuard options on the FortiGate unit on the internal network
1 Go to System > Maintenance > FortiGuard.
2 Select the expand arrow beside AntiVirus and IPS Options to reveal the available
options.
3 Select the Allow Push Update check box.
4 Select the Use override push IP check box.
5 Enter the IP address of the external interface of the NAT device.
UDP port 9943 is changed only if it is blocked or in use.
6 Select Apply.
You can change to the push override configuration if the external IP address of the
external service port changes; select Apply to have the FortiGate unit send the updated
push information to the FDN.
When the FortiGate unit sends the override push IP address and port to the FDN, the FDN
uses this IP address and port for push updates to the FortiGate unit. However, push
updates will not actually work until a virtual IP is added to the NAT device so that the NAT
device accepts push update packets and forwards them to the FortiGate unit on the
internal network.
If the NAT device is also a FortiGate unit, the following procedure, To add a port
forwarding virtual IP to the FortiGate NAT device, allows you to configure the NAT device
to use port forwarding to push update connections from the FDN to the FortiGate unit on
the internal network.
To add a port forwarding virtual IP to the FortiGate NAT device
1 Go to Firewall > Virtual IP.
2 Select Create New.
3 Enter the appropriate information for the following:
4 Select OK.
Name Enter a name for the Virtual IP.
External Interface Select an external interface from the list. This is the interface that
connects to the Internet.
External IP
Address/Range
Enter the IP address and/or range. This is the IP address to which
the FDN sends the push updates. This is usually the IP address of
the external interface of the NAT device. This IP address must be
the same as the IP address in User override push update for the
FortiGate unit on the internal network.
Mapped IP
Address/Range
Enter the IP address and/or range of the FortiGate unit on the
internal network.
Port Forwarding Select Port Forwarding. When you select Port Forwarding, the
options Protocol, External Services Port and Map to Port appear.
Protocol Select UDP.
External Service Port Enter the external service port. The external service port is the port
that the FDN connects to. The external service port for push
updates is usually 9443. If you changed the push update port in the
FortiGuard configuration of the FortiGate unit on the internal
network, you must set the external service port to the changed push
update port.
Map to Port Enter 9443. This is the port number to which the NAT FortiGate unit
will send the push update after it comes through the virtual IP.
FortiGate units expect push update notifications on port 9443.
To Next Page
Loading...
Need help?
General
