fds-setting
Use this command to set FDS settings.
Syntax
config fmupdate fds-setting
set fds-clt-ssl-protocol {sslv3 | tlsv1.0 | tlsv1.1 | tlsv1.2}
set fds-ssl-protocol {sslv3 | tlsv1.0 | tlsv1.1 | tlsv1.2}
set fmtr-log {alert | critical | debug | disable | emergency | error | info | notice | warn}
set fortiguard-anycast {enable | disable}
set fortiguard-anycast-source {aws | fortinet}
set linkd-log {alert | critical | debug | disable | emergency | error | info | notice | warn}
set max-av-ips-version <integer>
set max-work <integer>
set send_report {enable | disable}
set send_setup {enable | disable}
set system-support-fai {7.x}
set system-support-faz {6.x 7.x}
set system-support-fct {4.x 5.0 5.2 5.4 5.6 6.0 6.2 6.4 7.0 7.2}
set system-support-fdc {3.x 4.x}
set system-support-fgt {5.4 5.6 6.0 6.2 6.4 7.0 7.2 7.4}
set system-support-fis {1.x 2.x}
set system-support-fml {4.x 5.x 6.x 7.x}
set system-support-fsa {1.x 2.x 3.0 3.1 3.2 3.x 4.x}
set system-support-fts {3.x 4.x 7.x}
set umsvc-log {alert | critical | debug | disable | emergency | error | info | notice | warn}
set unreg-dev-option {add-service | ignore | svc-only}
set User-Agent <text>
set wanip-query-mode {disable | ipify}
end
Variables |
Description |
---|---|
fds-clt-ssl-protocol {sslv3 | tlsv1.0 | tlsv1.1 | tlsv1.2} |
Set the SSL protocols version for connecting FDS server (default = tlsv1.2). |
fds-ssl-protocol {sslv3 | tlsv1.0 | tlsv1.1 | tlsv1.2} |
Set the SSL protocols version for FDS service (default = tlsv1.0). |
fmtr-log {alert | critical | debug | disable | emergency | error | info | notice | warn} |
The fmtr log level. Set to |
fortiguard-anycast {enable | disable} |
Enable/disable use of FortiGuard's anycast network (default = disable). |
fortiguard-anycast-source {aws | fortinet} |
Configure which servers provide FortiGuard services in FortiGuard's anycast network (default = fortinet). |
linkd-log {alert | critical | debug | disable | emergency | error | info | notice | warn} |
The linkd log level (default = info). |
max-av-ips-version <integer> |
The maximum number of AV/IPS full version downloadable packages (default = 20). |
max-work <integer> |
The maximum number of worker processing downlink requests (default = 1). |
send_report {enable | disable} |
Enable/disable sending reports to the FDS server (default = disable). |
send_setup {enable | disable} |
Enable/disable sending setup to the FDS server (default = disable). |
system-support-fai {7.x} |
Set the FortiAI support version. |
system-support-faz {6.x 7.x} |
Set the FortiAnalyzer support version. |
system-support-fct {4.x 5.0 5.2 5.4 5.6 6.0 6.2 6.4 7.0 7.2} |
Set the FortiClient support version. |
system-support-fdc {3.x 4.x} |
Set the FortiDeceptor support version. |
system-support-fgt {5.4 5.6 6.0 6.2 6.4 7.0 7.2} |
Set the FortiGate support version. |
system-support-fis {1.x 2.x} |
Set the FortiIsolator support version. |
system-support-fml {4.x 5.x 6.x 7.x} |
Set the FortiMail support version. |
system-support-fsa {1.x 2.x 3.0 3.1 3.2 3.x 4.x} |
Set the FortiSandbox support version. |
system-support-fts {3.x 4.x 7.x} |
Set the FortiTester support version. |
umsvc-log {alert | critical | debug | disable | emergency | error | info | notice | warn} |
The um_service log level (default = info). |
unreg-dev-option {add-service | ignore | svc-only} |
Set the option for unregistered devices:
|
User-Agent <text> |
Configure the User-Agent string. |
wanip-query-mode {disable | ipify} |
Set the public IP query mode.
|
fds-setting push-override
Use this command to enable or disable push updates, and to override the default IP address and port to which the FDS sends FortiGuard antivirus and IPS push messages.
This is useful if push notifications must be sent to an IP address and/or port other than the FortiAnalyzer unit, such as the external or virtual IP address of a NAT device that forwards traffic to the FortiAnalyzer unit.
Syntax
config fmupdate fds-setting
config push-override
set ip <ipv_address>
set port <integer>
set status {enable | disable}
end
end
Variable | Description |
---|---|
ip <ipv_address> |
Enter the external or virtual IP address of the NAT device that will forward push messages to the FortiAnalyzer unit. |
port <integer> |
Enter the receiving port number on the NAT device (1 - 65535, default = 9443). |
status {enable | disable} |
Enable/disable the push updates (default = disable). |
Example
You could enable the FortiAnalyzer unit’s built-in FDS to receive push messages.
If there is a NAT device or firewall between the FortiAnalyzer unit and the FDS, you could also notify the FDS to send push messages to the external IP address of the NAT device, instead of the FortiAnalyzer unit’s private network IP address.
config fmupdate fds-setting
config push-override
set status enable
set ip 172.16.124.135
set port 9000
end
end
You would then configure port forwarding on the NAT device, forwarding push messages received on User Datagram Protocol (UDP) port 9000 to the FortiAnalyzer unit on UDP port 9443.
fds-setting push-override-to-client
Use this command to define which FortiAnalyzer IP addresses/ports are announced to devices for which the FortiAnalyzer provides FDS services. By default, FortiAnalyzer will announce all its interfaces using the port 8890.
Syntax
config fmupdate fds-setting
config push-override-to-client
set status {enable | disable}
config <announce-ip>
edit <id>
set ip <ip_address>
set port <integer>
end
end
end
Variable | Description |
---|---|
status {enable | disable} |
Enable/disable the push updates (default = disable). |
Variables for config announce-ip subcommand: |
|
<id> |
Edit the announce IP address ID (1 - 10). |
ip <ip_address> |
Enter the announce IP address. |
port <integer> |
Enter the announce IP port (1 - 65535, default = 8890). |
fds-setting server-override
Use this command to override the default IP address and port that the built-in FDS contacts when requesting FortiGuard spam updates.
Syntax
config fmupdate fds-setting
config server-override
set status {enable | disable}
config servlist
edit <id>
set ip <ipv4_address>
set ip6 <ipv6_address>
set port <integer>
set server-type {fct | fds}
end
end
end
Variable |
Description |
---|---|
status {enable | disable} |
Enable/disable the override (default = disable). |
Variable for |
|
<id> |
Enter the override server ID (1 - 10). |
ip <ipv4_address> |
Enter the IPv4 address of the override server address. |
ip6 <ipv6_address> |
Enter the IPv6 address of the override server address. |
port <integer> |
Enter the port number to use when contacting the FDS (1 - 65535, default = 443). |
server-type {fct| fds} |
Set the override server type (default = fds). |
fds-setting update-schedule
Use this command to schedule when the built-in FortiGuard retrieves antivirus and IPS updates.
Syntax
config fmupdate fds-setting
config update-schedule
set day {Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday}
set frequency {every | daily | weekly}
set status {enable | disable}
set time <hh:mm>
end
end
Variable |
Description |
---|---|
day {Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday} |
The day that the update will occur (Sunday - Saturday, default = Monday). This option is only available if the update frequency is |
frequency {every | daily | weekly} |
The update frequency: every given time interval, once a day, or once a week (default = every). |
status {enable | disable} |
Enable/disable scheduled updates (default = enable). |
time <hh:mm> |
The time interval between updates, or the hour and minute when the update occurs (hh: 0 - 23, mm: 0 - 59 or 60 = random, default = 00:10). |