Configuring FortiGuard service settings

FortiGuard periodically updates the WAF Signature Database, IP Reputation Database, and Geo IP Database.

From System > FortiGuard, you can configure FortiGuard settings on your FortiADC appliance through the FortiGuard Distribution Network (FDN).

Here, you can configure FortiADC to request FortiGuard service updates from the FDN by Scheduling automatic signature updates, Manually initiating update requests, or both.

Before you begin:

You must have Read and Write permission for System settings.

Licenses

Under the Licenses section, you can check your FortiGuard license status and upgrade the license as needed.

Support Contract

Under the Support Contract section, you can review the following contract information and log in directly to the Fortinet Service & Support website.

Support Type Description

Registration

Review your registration and license information. If you need to update your registration or renew your license, click Login Now to open the login page for the Fortinet Service & Support website.

Note: If your license is invalid, FortiGuard does not send updates to your FortiADC. The functionality on your FortiADC unit remains intact and useful even though it is out of date.

Hardware Shows the hardware model of your FortiADC unit.
Firmware Shows the firmware version on your FortiADC unit.
Enhanced Support Shows the status of Enhanced Support of your FortiADC unit.
Comprehensive Support Shows the status of Comprehensive Support of your FortiADC unit.

FortiGuard services and updates

Under the FortiGuard Services section, you can review the list of your FortiGuard service entitlement and the status of each service.

From here, you can also manually update each service by uploading the update packages individually. You can obtain each update package from the FortiGuard website.

Alternatively, you can configure FortiADC to request FortiGuard service updates from the FDN by doing either or both of the following: scheduling automatic signature updates, or manually initiating update requests.

Service Description
WAF Signature

Shows the version of the Web Application Firewall Signature file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest WAF Signature file.

IP Reputation

Shows the version of the IP Reputation file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest IP reputation file.

Credential Stuffing Defense

Shows the version of the Credential Stuffing Defense file on your FortiADC unit.

Geo IP

Shows the version and region of the Geo IP file on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest Geo IP file.

Web Filter

Shows the status of the Web Filter on your FortiADC unit.

Intrusion Prevention

Shows the version of the Regular IPS Database, Extended IPS Database, and IPS Engine on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest Intrusion Prevention file.

Antivirus

Shows the version of the Antivirus Regular Virus Database, Extended Virus Database, Extreme Virus Database, and AV Engine on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the Antivirus files.

Threat Analytics

Shows the license status of the AI Threat Analytics on your FortiADC unit.

Data Loss Prevention (DLP)

Shows the version of the FortiGuard Data Loss Prevention (DLP) service on your FortiADC unit. To manually update the file, click Update to display controls that enable you to select and upload the latest DLP Signature file.

Advanced Bot Protection

Shows the license status of the Advanced Bot Protection on your FortiADC unit.

Scheduling automatic signature updates

You can configure the FortiADC appliance to periodically poll for FortiGuard service updates from the FDN, and automatically download and apply updates if they are available. For example, you may want to schedule update requests every night at 2 AM local time when traffic volume is light. You can also use the command config system fortiguard to upgrade from the Anycast server. For more information, see set anycast {enable|disable} in config system fortiguard in the FortiADC CLI Reference (https://docs.fortinet.com/product/fortiadc/).

You can manually upload update packages, or initiate an update request as an alternative or in conjunction with scheduled updates. For additional/alternative update methods, see Manually initiating update requests.

To configure automatic updates
  1. Verify that the FortiADC appliance has a valid license and can connect to the FDN, or (if destination NAT is used, for example) the IP address that you are using to override the default IPs for FDN servers. For details, see Connecting to FortiGuard services to determine your FortiGuard license status and to verify the FortiGuard update connectivity.
  2. Go to System > FortiGuard.
    The page informs you if you are not registered or if registration has expired. If your registration is active, continue scheduling updates; otherwise, click Register or Renew.
  3. Configure the following settings:
    Setting Guideline
    Scheduled Update

    Click the button to enable or disable the Scheduled Update feature.

    Note: If enabled, you must set the frequency, date, or time of the update schedule. See below.

    Scheduled Update Frequency
    • Every—Schedule periodic updates. Specify the update interval to perform the scheduled update.
    • Daily—Schedule daily updates. Specify the time of the day to perform the scheduled update.
    • Weekly—Schedule weekly updates. Specify the day and time to perform the scheduled update.
    Scheduled Update Day

    Select the day of the week for the scheduled update.

    Scheduled Update Time

    Specify the time (hour and minute) for the scheduled update.

    Override Server

    Click the button to enable or disable the Override Server feature.

    Note: This feature gives your FortiADC another way to connect to FortiGuard when it is unable to connect via the default FortiGuard server IP address.

    If enabled, you must enter the Override Server Address that you have obtained from the Fortinet Service and Support team. See below.

    Override Server Address

    Enter the Override Server Address provided by the Fortinet Service and Support team.

    Tunneling

    Click the button to enable or disable tunneling.

    If enabled, you must configure all the settings for the tunneling function. See below.

    Note: Tunneling, or port forwarding, is a way of transmitting private (usually corporate) data through a public network in a disguised way — the routing nodes in the public network are unaware that the transmission is part of a private network.

    Tunneling DNS

    Click the button to enable or disable DNS via web proxy tunneling for FDN.

    Tunneling Address

    Enter the Tunneling Address that was provided to you.

    Tunneling Port

    Enter the Tunneling Port number that was provided to you.

    Tunneling Username

    Specify your user name for the tunneling configuration.

    Tunneling Password

    Specify your password for the tunneling configuration.

  4. Click Save.

Results of the update activity appear in Log & Report > Event log if you have enabled logging via Log Settings > Event.

When the FortiADC appliance requests an update, the event is recorded in Log & Report > Event log.

Example log messages include:

Update result: fcni=yes fdni=yes fsci=yes IP Reputation(4.00709) Geo IP(2.00094) Regular Virus Database(89.00510) Extended Virus Database(88.09720) Extreme Virus Database(88.09670) AV Engine(6.00162) from 173.243.140.6:443

Once the attack signature update is complete, FortiADC immediately begins to use the new signatures. No reboot is required.

Manually initiating update requests

If an important update has been released but there is too much time remaining until your appliance’s next scheduled update poll, you can manually trigger the FortiADC appliance to connect to the FDN or FDS server override to request available updates for its FortiGuard service packages.

You can manually initiate updates as an alternative or in addition to other update methods. For details, see Scheduling automatic signature updates.

To manually request updates
  1. Before manually initiating an update, first verify that the FortiADC appliance has a valid license and can connect to the FDN or override server. For details, see Connecting to FortiGuard services to determine your FortiGuard license status and to verify the FortiGuard update connectivity.
  2. Go to System > FortiGuard.
  3. Click Update FortiGuard Service Definitions.
    The web UI displays a message similar to the following:
    Update database successful, status refreshed.

Results of the update activity appear in Log & Report > Event log if you have enabled logging via Log Settings > Event.

When the FortiADC appliance requests an update, the event is recorded in Log & Report > Event log.

Example log messages include:

Update result: fcni=yes fdni=yes fsci=yes IP Reputation(4.00709) Geo IP(2.00094) Regular Virus Database(89.00510) Extended Virus Database(88.09720) Extreme Virus Database(88.09670) AV Engine(6.00162) from 173.243.140.6:443

Once the attack signature update is complete, FortiADC immediately begins to use the new signatures. No reboot is required.
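The "Update result" event shown in both update procedures above can be checked automatically once event logs are exported. The following is an added example, not part of the Fortinet documentation or product: it parses that message format and reports updates that came from an address outside an expected list, package versions that went backwards, and expected packages that are absent. The allowlist, the required-package set, the second sample line, and the reading of a version as two integers are assumptions; the fcni/fdni/fsci flags are kept as opaque values.

```python
import re

# Message layout taken from the sample event on this page.
LINE_RE = re.compile(r"Update result:\s*(?P<body>.*?)\s+from\s+(?P<host>\S+):(?P<port>\d+)\s*$")
FLAG_RE = re.compile(r"\b([a-z]+)=(\w+)")
COMPONENT_RE = re.compile(r"([A-Za-z][A-Za-z ]*?)\((\d+)\.(\d+)\)")


def parse_update_result(line):
    """Split one 'Update result' event into flags, package versions and source."""
    m = LINE_RE.search(line.strip())
    if not m:
        raise ValueError("not an 'Update result' message")
    body = m.group("body")
    flags = dict(FLAG_RE.findall(body))
    # Remove the flag tokens so they cannot be glued onto a package name.
    rest = FLAG_RE.sub("", body)
    # Assumption: "4.00709" is compared as the integer pair (4, 709).
    versions = {name.strip(): (int(major), int(minor))
                for name, major, minor in COMPONENT_RE.findall(rest)}
    return {"flags": flags, "versions": versions,
            "source": (m.group("host"), int(m.group("port")))}


def audit_updates(lines, allowed_sources, required):
    """Return (line_no, finding, detail) tuples for events in chronological order."""
    findings, last_seen = [], {}
    for n, line in enumerate(lines, 1):
        event = parse_update_result(line)
        if event["source"] not in allowed_sources:
            findings.append((n, "unexpected-source", "%s:%d" % event["source"]))
        for name in sorted(required - set(event["versions"])):
            findings.append((n, "component-missing", name))
        for name, ver in event["versions"].items():
            if name in last_seen and ver < last_seen[name]:
                findings.append((n, "version-regression", name))
            last_seen[name] = max(ver, last_seen.get(name, ver))
    return findings


SAMPLE = [
    # Sample message from this page.
    "Update result: fcni=yes fdni=yes fsci=yes IP Reputation(4.00709) Geo IP(2.00094) "
    "Regular Virus Database(89.00510) Extended Virus Database(88.09720) "
    "Extreme Virus Database(88.09670) AV Engine(6.00162) from 173.243.140.6:443",
    # Constructed line: documentation-range source address and an older Geo IP version.
    "Update result: fcni=yes fdni=yes fsci=yes IP Reputation(4.00710) Geo IP(2.00093) "
    "from 192.0.2.10:443",
]
# Assumptions: the operator's expected update source and the packages they rely on.
ALLOWED_SOURCES = {("173.243.140.6", 443)}
REQUIRED = {"IP Reputation", "Geo IP"}

if __name__ == "__main__":
    for finding in audit_updates(SAMPLE, ALLOWED_SOURCES, REQUIRED):
        print(finding)
```

When Override Server is enabled, put the override address in the allowlist instead of the default FDN address.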

Web Filter

Under the Web Filter section, you can configure your FortiGuard web filter settings.

Setting Guideline

Cache Status

Click the button to enable or disable caching of the categorical lists of websites.

Note: FortiGuard maintains massive lists of web sites classified into categories so that you can enforce categorical decisions in your rules, like "do not do SSL forward proxy for sites belonging to the Personal Privacy category."

Cache TTL Specify a cache expiration value. The default is 3600. The valid range is from 10 to 86,400. When the cache expires, FortiADC initiates an update from FortiGuard.
FDS Port Specify the port to receive updates. The default is 53. An alternative is 8888.
