Fortinet black logo

Handbook

Configuring FortiGuard service settings

Configuring FortiGuard service settings

FortiGuard periodically updates the WAF Signature Database, IP Reputation Database, and Geo IP Database. You can go to the FortiGuard website to download the update packages that you can upload to FortiADC, or you can schedule automatic updates.

Before you begin:

  • If you want to perform a manual update, you must download the update file from the FortiGuard website.

You must have Read-Write permission for System settings.

To configure FortiGuard service settings:
  1. Go to System > Settings.
  2. Click the FortiGuard tab.
  3. Complete the configuration as described in FortiGuard service configuration.
  4. Save the configuration.

FortiGuard service configuration

Settings Guidelines
Support Contract
Registration

Review your registration and license information. If you need to update your registration or renew your license, click Login Now to open the login page for the Fortinet Service & Support website.

Note: If your license is invalid, FortiGuard does not send updates to your FortiADC. The functionality on your FortiADC unit remains intact and useful even though it is out of date.

Hardware

Shows the hardware model of your FortiADC unit.

Firmware

Shows the firmware version on your FortiADC unit.

Enhanced Support

Shows the status of Enhanced Support of your FortiADC unit. .

Comprehensive Support

Shows the status of Comprehensive Support of your FortiADC unit.

FortiGuard Services
WAF Signature

Shows the version of the Web Application Firewall Signature file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest WAF Signature file.

IP Reputation

Shows the version of the IP Reputation file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest IP reputation file.

Geo IP

Shows the version and region of the Geo IP file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest Geo IP file.

Web Filter

Shows the status of the Web Filter on your FortiADC unit.

Update Schedule
Scheduled Update

Click the button to enable or disable the Scheduled Update feature.

Note: If enabled, you must set the frequency, date, or time of the update schedule. See below.

Scheduled Update Frequency
  • Every—Schedule periodic updates. Specify the update interval to perform the scheduled update.
  • Daily—Schedule daily updates. Specify the time of the day to perform the scheduled update.
  • Weekly—Schedule weekly updates. Specify the day and time to perform the scheduled update.
Scheduled Update Day

Select the day of the week for the scheduled update.

Scheduled Update Time

Specify the time (hour and minute) for the scheduled update.

Override Server

Click the button to enable or disable the Override Server feature.

Note: This feature provides another option for your FortiADCto connect to FortiGuard when it ( FortiADC) is unable to connect to FortiGuard via the default FortiGuard server IP address.

If enabled, you must enter the Override Server Address that you have obtained from the Fortinet Service and Support team. See below.

Override Server Address

Enter the Override Server Address provided by the Fortinet Service and Support team.

Tunneling

Click the button to enable or disable tunneling.

If enabled, you must configure all the settings for the tunneling function. See below.

Note: Tunneling, or port forwarding, is a way of transmitting private (usually corporate) data through a public network in a disguised way — the routing nodes in the public network are unaware that the transmission is part of a private network.

Tunneling Address

Enter the Tunneling Address that was provided to you.

Tunneling Port

Enter the Tunneling Port number that was provided to you.

Tunneling Username

Specify your user name for the tunneling configuration.

Tunneling Password

Specify your password for the tunneling configuration.

Save

Click the Save button to save your FortiGuard service configuration.

Web Filter
Cache Status

Click the button to enable or disable caching of the categorical lists of websites.

Note: FortiGuard maintains massive lists of web sites classified into categories so that you can enforce categorical decisions in your rules, like "do not do SSL forward proxy for sites belonging to the Personal Privacy category."

Cache TTL

Specify a cache expiration value. The default is 3600. The valid range is from 10 to 86,400. When the cache expires, FortiADC initiates an update from FortiGuard.

FDS Port

Specify the port to receive updates. The default is 53. An alternative is 8888.

Save

Click Save to save your Web Filter configuration.

Configuring FortiGuard service settings

FortiGuard periodically updates the WAF Signature Database, IP Reputation Database, and Geo IP Database. You can go to the FortiGuard website to download the update packages that you can upload to FortiADC, or you can schedule automatic updates.

Before you begin:

  • If you want to perform a manual update, you must download the update file from the FortiGuard website.

You must have Read-Write permission for System settings.

To configure FortiGuard service settings:
  1. Go to System > Settings.
  2. Click the FortiGuard tab.
  3. Complete the configuration as described in FortiGuard service configuration.
  4. Save the configuration.

FortiGuard service configuration

Settings Guidelines
Support Contract
Registration

Review your registration and license information. If you need to update your registration or renew your license, click Login Now to open the login page for the Fortinet Service & Support website.

Note: If your license is invalid, FortiGuard does not send updates to your FortiADC. The functionality on your FortiADC unit remains intact and useful even though it is out of date.

Hardware

Shows the hardware model of your FortiADC unit.

Firmware

Shows the firmware version on your FortiADC unit.

Enhanced Support

Shows the status of Enhanced Support of your FortiADC unit. .

Comprehensive Support

Shows the status of Comprehensive Support of your FortiADC unit.

FortiGuard Services
WAF Signature

Shows the version of the Web Application Firewall Signature file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest WAF Signature file.

IP Reputation

Shows the version of the IP Reputation file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest IP reputation file.

Geo IP

Shows the version and region of the Geo IP file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest Geo IP file.

Web Filter

Shows the status of the Web Filter on your FortiADC unit.

Update Schedule
Scheduled Update

Click the button to enable or disable the Scheduled Update feature.

Note: If enabled, you must set the frequency, date, or time of the update schedule. See below.

Scheduled Update Frequency
  • Every—Schedule periodic updates. Specify the update interval to perform the scheduled update.
  • Daily—Schedule daily updates. Specify the time of the day to perform the scheduled update.
  • Weekly—Schedule weekly updates. Specify the day and time to perform the scheduled update.
Scheduled Update Day

Select the day of the week for the scheduled update.

Scheduled Update Time

Specify the time (hour and minute) for the scheduled update.

Override Server

Click the button to enable or disable the Override Server feature.

Note: This feature provides another option for your FortiADCto connect to FortiGuard when it ( FortiADC) is unable to connect to FortiGuard via the default FortiGuard server IP address.

If enabled, you must enter the Override Server Address that you have obtained from the Fortinet Service and Support team. See below.

Override Server Address

Enter the Override Server Address provided by the Fortinet Service and Support team.

Tunneling

Click the button to enable or disable tunneling.

If enabled, you must configure all the settings for the tunneling function. See below.

Note: Tunneling, or port forwarding, is a way of transmitting private (usually corporate) data through a public network in a disguised way — the routing nodes in the public network are unaware that the transmission is part of a private network.

Tunneling Address

Enter the Tunneling Address that was provided to you.

Tunneling Port

Enter the Tunneling Port number that was provided to you.

Tunneling Username

Specify your user name for the tunneling configuration.

Tunneling Password

Specify your password for the tunneling configuration.

Save

Click the Save button to save your FortiGuard service configuration.

Web Filter
Cache Status

Click the button to enable or disable caching of the categorical lists of websites.

Note: FortiGuard maintains massive lists of web sites classified into categories so that you can enforce categorical decisions in your rules, like "do not do SSL forward proxy for sites belonging to the Personal Privacy category."

Cache TTL

Specify a cache expiration value. The default is 3600. The valid range is from 10 to 86,400. When the cache expires, FortiADC initiates an update from FortiGuard.

FDS Port

Specify the port to receive updates. The default is 53. An alternative is 8888.

Save

Click Save to save your Web Filter configuration.