Configuring FortiGuard service settings
FortiGuard periodically updates the WAF Signature Database, IP Reputation Database, and Geo IP Database.
From System > FortiGuard, you can configure FortiGuard settings on your FortiADC appliance through the FortiGuard Distribution Network (FDN).
Here, you can configure FortiADC to request FortiGuard service updates from the FDN by scheduling automatic signature updates, manually initiating update requests, or both.
Before you begin:
You must have Read and Write permission for System settings.
Licenses
Under the Licenses section, you can check your FortiGuard license status and upgrade the license as needed.
Support Contract
Under the Support Contract section, you can review the following contract information and log in directly to the Fortinet Service & Support website.
Support Type | Description |
---|---|
Registration | Review your registration and license information. If you need to update your registration or renew your license, click Login Now to open the login page for the Fortinet Service & Support website. Note: If your license is invalid, FortiGuard does not send updates to your FortiADC. The functionality on your FortiADC unit remains intact and useful even though it is out of date. |
Hardware | Shows the hardware model of your FortiADC unit. |
Firmware | Shows the firmware version on your FortiADC unit. |
Enhanced Support | Shows the status of Enhanced Support of your FortiADC unit. |
Comprehensive Support | Shows the status of Comprehensive Support of your FortiADC unit. |
FortiGuard services and updates
Under the FortiGuard Services section, you can review the list of your FortiGuard service entitlement and the status of each service.
From here, you can also manually update each service by uploading the update packages individually. You can obtain each update package from the FortiGuard website.
Alternatively, you can configure FortiADC to request FortiGuard service updates from the FDN by doing either or both of the following: scheduling automatic signature updates, or manually initiating update requests.
Service | Description |
---|---|
WAF Signature | Shows the version of the Web Application Firewall Signature file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest WAF Signature file. |
IP Reputation | Shows the version of the IP Reputation file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest IP reputation file. |
Credential Stuffing Defense | Shows the version of the Credential Stuffing Defense file on your FortiADC unit. |
Geo IP | Shows the version and region of the Geo IP file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest Geo IP file. |
Web Filter | Shows the status of the Web Filter on your FortiADC unit. |
Intrusion Prevention | Shows the version of the Regular IPS Database, Extended IPS Database, and IPS Engine on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest Intrusion Prevention file. |
Antivirus | Shows the version of the Antivirus Regular Virus Database, Extended Virus Database, Extreme Virus Database, and AV Engine on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the Antivirus files. |
Scheduling automatic signature updates
You can configure the FortiADC appliance to periodically poll for FortiGuard service updates from the FDN, and automatically download and apply updates if they are available. For example, you may want to schedule update requests every night at 2 AM local time when traffic volume is light. You can also use the command config system fortiguard to upgrade from the Anycast server. For more information, see set anycast {enable|disable} in config system fortiguard in the FortiADC CLI Reference (https://docs.fortinet.com/product/fortiadc/).
You can manually upload update packages, or initiate an update request as an alternative or in conjunction with scheduled updates. For additional/alternative update methods, see Manually initiating update requests.
To configure automatic updates
- Verify that the FortiADC appliance has a valid license and can connect to the FDN, or (if destination NAT is used, for example) the IP address that you are using to override the default IPs for FDN servers. For details, see Connecting to FortiGuard services to determine your FortiGuard license status and to verify the FortiGuard update connectivity.
- Go to System > FortiGuard.
The page informs you if you are not registered or if registration has expired. If your registration is active, continue scheduling updates; otherwise, click Register or Renew.
- Configure the following settings:
Setting | Guideline |
---|---|
Scheduled Update | Click the button to enable or disable the Scheduled Update feature. Note: If enabled, you must set the frequency, date, or time of the update schedule. See below. |
Scheduled Update Frequency | Every: Schedule periodic updates. Specify the update interval to perform the scheduled update. Daily: Schedule daily updates. Specify the time of the day to perform the scheduled update. Weekly: Schedule weekly updates. Specify the day and time to perform the scheduled update. |
Scheduled Update Day | Select the day of the week for the scheduled update. |
Scheduled Update Time | Specify the time (hour and minute) for the scheduled update. |
Override Server | Click the button to enable or disable the Override Server feature. Note: This feature provides another option for your FortiADC to connect to FortiGuard when it (FortiADC) is unable to connect to FortiGuard via the default FortiGuard server IP address. If enabled, you must enter the Override Server Address that you have obtained from the Fortinet Service and Support team. See below. |
Override Server Address | Enter the Override Server Address provided by the Fortinet Service and Support team. |
Tunneling | Click the button to enable or disable tunneling. If enabled, you must configure all the settings for the tunneling function. See below. Note: Tunneling, or port forwarding, is a way of transmitting private (usually corporate) data through a public network in a disguised way; the routing nodes in the public network are unaware that the transmission is part of a private network. |
Tunneling DNS | Click the button to enable or disable DNS via web proxy tunneling for FDN. |
Tunneling Address | Enter the Tunneling Address that was provided to you. |
Tunneling Port | Enter the Tunneling Port number that was provided to you. |
Tunneling Username | Specify your user name for the tunneling configuration. |
Tunneling Password | Specify your password for the tunneling configuration. |
- Click Save.
Results of the update activity appear in Log & Report > Event log if you have enabled logging via Log Settings > Event.
When the FortiADC appliance requests an update, the event is recorded in Log & Report > Event log.
Example log messages include:
Update result: fcni=yes fdni=yes fsci=yes IP Reputation(4.00709) Geo IP(2.00094) Regular Virus Database(89.00510) Extended Virus Database(88.09720) Extreme Virus Database(88.09670) AV Engine(6.00162) from 173.243.140.6:443
Once the attack signature update is complete, FortiADC immediately begins to use the updated signatures. No reboot is required.
Manually initiating update requests
If an important update has been released but there is too much time remaining until your appliance’s next scheduled update poll, you can manually trigger the FortiADC appliance to connect to the FDN or FDS server override to request available updates for its FortiGuard service packages.
You can manually initiate updates as an alternative or in addition to other update methods. For details, see Scheduling automatic signature updates.
To manually request updates
- Before manually initiating an update, first verify that the FortiADC appliance has a valid license and can connect to the FDN or override server. For details, see Connecting to FortiGuard services to determine your FortiGuard license status and to verify the FortiGuard update connectivity.
- Go to System > FortiGuard.
- Click Update FortiGuard Service Definitions.
The web UI displays a message similar to the following:
Update database successful, status refreshed.
Results of the update activity appear in Log & Report > Event log if you have enabled logging via Log Settings > Event.
When the FortiADC appliance requests an update, the event is recorded in Log & Report > Event log.
Example log messages include:
Update result: fcni=yes fdni=yes fsci=yes IP Reputation(4.00709) Geo IP(2.00094) Regular Virus Database(89.00510) Extended Virus Database(88.09720) Extreme Virus Database(88.09670) AV Engine(6.00162) from 173.243.140.6:443
Once the attack signature update is complete, FortiADC immediately begins to use the updated signatures. No reboot is required.
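As an added example (not part of the Fortinet documentation), the following Python code parses the "Update result" event message shown in the two procedures above and checks it against an expected update source and package list, which is useful when an Override Server or tunnel is configured. The function names, the allowlist, and the treatment of versions as comparable (major, minor) number pairs are assumptions; the sample line is the one quoted on this page.

```python
import re

# Sample input: the example event-log message quoted on this page.
SAMPLE = (
    "Update result: fcni=yes fdni=yes fsci=yes IP Reputation(4.00709) "
    "Geo IP(2.00094) Regular Virus Database(89.00510) "
    "Extended Virus Database(88.09720) Extreme Virus Database(88.09670) "
    "AV Engine(6.00162) from 173.243.140.6:443"
)

_LINE = re.compile(r"Update result:\s*(?P<body>.*?)\s+from\s+(?P<host>\S+):(?P<port>\d+)")
_FLAG = re.compile(r"\b(\w+)=(\w+)\b")
_PKG = re.compile(r"([A-Za-z][A-Za-z ]*?)\((\d+)\.(\d+)\)")


def parse_update_result(message):
    """Split one message into flags, package versions and update source."""
    m = _LINE.search(message)
    if m is None:
        return None
    body = m.group("body")
    packages = {
        name.strip(): (int(major), int(minor))
        for name, major, minor in _PKG.findall(_FLAG.sub(" ", body))
    }
    return {
        "flags": dict(_FLAG.findall(body)),  # key=value pairs, kept as-is
        "packages": packages,                # assumption: "4.00709" -> (4, 709)
        "source": (m.group("host"), int(m.group("port"))),
    }


def audit_update(message, allowed_sources, expected_packages, previous=None):
    """Return findings for review; an empty list means nothing unusual."""
    parsed = parse_update_result(message)
    if parsed is None:
        return ["not an update-result message"]
    findings = []
    if parsed["source"] not in allowed_sources:
        findings.append("unexpected update source %s:%d" % parsed["source"])
    for name in sorted(set(expected_packages) - set(parsed["packages"])):
        findings.append("package not reported: " + name)
    for name, old in sorted((previous or {}).items()):
        new = parsed["packages"].get(name)
        if new is not None and new < old:
            findings.append("version went backwards: " + name)
    return findings


if __name__ == "__main__":
    print(audit_update(SAMPLE, {("173.243.140.6", 443)}, {"IP Reputation", "Geo IP"}))
```

Pass the set of FDN or override server endpoints you expect as allowed_sources, and the versions from the last recorded update as previous.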
Web Filter
Under the Web Filter section, you can configure your FortiGuard web filter settings.
Setting | Guideline |
---|---|
Cache Status | Click the button to enable or disable caching of the categorical lists of websites. Note: FortiGuard maintains massive lists of web sites classified into categories so that you can enforce categorical decisions in your rules, like "do not do SSL forward proxy for sites belonging to the Personal Privacy category." |
Cache TTL | Specify a cache expiration value. The default is 3600. The valid range is from 10 to 86,400. When the cache expires, FortiADC initiates an update from FortiGuard. |
FDS Port | Specify the port to receive updates. The default is 53. An alternative is 8888. |