FortiGuard

FortiDDoS supports two FortiGuard subscription services. This section describes settings for connecting to FortiGuard for the necessary downloads.

Note: Neither of these subscriptions is required for DDoS Mitigation. They are not DDoS threat signatures as all necessary signatures are included in FortiDDoS firmware. FortiGuard ACLs supplement or offload other networking equipment ACLs. For example, they will prevent connection floods from known malicious actors and/or prevent bots from reaching DDoS controllers.

FortiGuard Setup Requirements:

  • System mgmt2 port must have internet access and DNS server access

  • NTP and Time Zone must be set

FortiDDoS connects to FortiGuard via a DNS request and downloads a list of IPs paired with time zones to determine which data center it will access for updates. At the scheduled intervals, it attempts to update the databases. FortiDDoS generates Success/Fail event logs for each attempt.

Dashboard > Status and System > FortiGuard provide further details on subscription/license status, FortiCare status, and last successful FortiGuard connection.

Available Subscription: IP Reputation

  • Description: This subscription adds an IP address ACL list for its configurable categories. Enabled via the IP Profile.

  • Configurable Categories: DDoS, Anonymous Proxies, Phishing, Spam, Tor (nodes). These are subsets of the larger databases used by FortiGate IP Reputation/web/domain filtering.

Available Subscription: Domain Reputation

  • Description: This subscription adds a Domain (FQDN) ACL list for its configurable categories. Enabled via the DNS Profile.

  • Configurable Categories: Malicious URLs, Botnet Domains, Bitcoin Mining Domains. These are subsets of the larger databases used by FortiGate web/domain filtering.

To configure FortiGuard:
  1. Go to System/FortiGuard. This dashboard displays license and registration status, including status for the FortiGuard IP Reputation and Domain Reputation Services.
  2. Click Upload License to import a license file.

FortiGuard update schedule settings (Setting: Description)

  • Scheduled Update: Enable/disable FortiGuard scheduled updating.

  • Scheduled Update Frequency:

    • Every - every available update as they come

    • Daily - daily scheduled updates

    • Weekly - update will occur weekly, every 7 days on the scheduled update day that you set

  • Scheduled Update Day: Use when Scheduled Update Frequency is Weekly. The day of the week when the update will occur.

  • Scheduled Update Time: HH:MM. The time of day when the update will occur.

  • Override Server: Do not use - leave disabled.

  • Override Server Address: Do not use.

  • Tunneling: Enable to use a web proxy server IP address.

    Note: FortiDDoS adds the IP address of the nearest FortiGuard data center into the connect URL that is forwarded to the proxy server. Thus, tunneling will not work with proxy servers expecting a FQDN in the 'get'.

  • Tunneling IP Address: Web proxy server IP address.

  • Tunneling Port: Port for the web proxy server.

  • Tunneling Username: Administrator user name for the web proxy server.

  • Tunneling Password: Password for the web proxy server.

License Information

The License Information table on this page provides current status of:

  • FortiCare Firmware and Enhanced Support

  • IP and Domain Reputation license subscription

    • Status

    • Version and date created (not downloaded) of the databases

    • Last successful check of FortiGuard databases

To configure FortiGuard access using the CLI:

config system fortiguard
  set scheduled-update-status {enable|disable}
  set scheduled-update-frequency {daily|weekly}
  set scheduled-update-day {Sunday|Monday|Tuesday|Wednesday|Thursday|Friday|Saturday}
  set scheduled-update-time <HH:MM>
  set override-server-status {enable|disable}
  set override-server-address <IP address>
  set tunneling-status {enable|disable}
  set tunneling-address <IP address>
  set tunneling-port <0-65535>
  set tunneling-username <string>
  set tunneling-password <string>
end
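
An added example, not part of the Fortinet handbook or of FortiDDoS itself: a Python check that parses a saved `config system fortiguard` block and flags settings that contradict the guidance above (override server enabled, a hostname where the tunneling proxy IP belongs, an out-of-range port, a malformed schedule). The function names, the sample block and the 24-hour reading of HH:MM are assumptions.

```python
import ipaddress
import re
DAYS = {"sunday", "monday", "tuesday", "wednesday", "thursday", "friday", "saturday"}

def parse_fortiguard(text):
    """Collect the `set <key> <value>` lines inside `config system fortiguard` ... `end`."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("config system fortiguard", "end"):
            inside = line != "end"
        elif inside and (m := re.fullmatch(r"set\s+(\S+)\s+(.+)", line)):
            settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit(settings):
    """Return findings; an empty list means the block matches the handbook's guidance."""
    findings = []
    if settings.get("scheduled-update-status") == "enable":
        # Assumption: HH:MM is a 24-hour clock value.
        if not re.fullmatch(r"([01]\d|2[0-3]):[0-5]\d", settings.get("scheduled-update-time", "")):
            findings.append("scheduled-update-time is not HH:MM")
        day = settings.get("scheduled-update-day", "").lower()
        if settings.get("scheduled-update-frequency") == "weekly" and day not in DAYS:
            findings.append("weekly frequency needs a valid scheduled-update-day")
    if settings.get("override-server-status") == "enable":
        findings.append("override server is enabled; the handbook says leave it disabled")
    if settings.get("tunneling-status") == "enable":
        try:
            ipaddress.ip_address(settings.get("tunneling-address", ""))
        except ValueError:
            findings.append("tunneling-address must be an IP address, not a hostname")
        port = settings.get("tunneling-port", "")
        if not (port.isdecimal() and int(port) <= 65535):
            findings.append("tunneling-port is outside 0-65535")
    return findings

# Constructed sample for illustration, not taken from a real device.
SAMPLE = """config system fortiguard
  set scheduled-update-status enable
  set scheduled-update-frequency daily
  set scheduled-update-time 02:30
  set override-server-status enable
  set tunneling-status enable
  set tunneling-address proxy.example.com
  set tunneling-port 8080
end"""
if __name__ == "__main__":
    print("\n".join(audit(parse_fortiguard(SAMPLE))))
```
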
