Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    7.0.0
    7.0.3
    7.0.1
    7.0.0
    6.6.3
    6.6.3
    6.6.1
    6.6.0
    6.5.1
    6.5.0
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.1

    FortiGuard

    FortiGuard

    FortiDDoS supports two FortiGuard subscription services. This section describes settings for connecting to FortiGuard for the necessary downloads.

    Note: Neither of these subscriptions is required for DDoS Mitigation. They are not DDoS threat signatures as all necessary signatures are included in FortiDDoS firmware. FortiGuard ACLs supplement or offload other networking equipment ACLs. For example, they will prevent connection floods from known malicious actors and/or prevent bots from reaching DDoS controllers.

    FortiGuard Setup Requirements:

    • System mgmt2 port must have internet access and DNS server access

    • NTP and Time Zone must be set

    FortiDDoS connects to FortiGuard via a DNS request an downloads a list of IPs paired with time zones to determine which data center it will access for updates. At the scheduled intervals, it attempts to update the databases. FortiDDoS generates Success/ Fail event logs for each attempt.

    Dashboard > Status and System > FortiGuard provides further details on subscription/ license status, FortiCare status, and last successful FortiGuard connection.

    Available Subscription

    Description

    Configurable Categories

    IP Reputation

    This subscription adds an IP address ACL list for its configurable categories

    Enabled via the IP Profile

    DDoS, Anonymous Proxies, Phishing, Spam, Tor (nodes)

    These are subsets of the larger databases used by FortiGate IP Reputation/web/domain filtering

    Domain Reputation

    This subscription adds a Domain (FQDN) ACL list for its configurable categories

    Enabled via the DNS Profile

    Malicious URLs, Botnet Domains, Bitcoin Mining Domains

    These are subsets of the larger databases used by FortiGate web/domain filtering
    To configure FortiGuard:
    1. Go to System/FortiGuard. This dashboard displays license and registration status, including status for the FortiGuard IP Reputation and Domain Reputation Services.
    2. Click Upload License to import a license file.

    FortiGuard update schedule and proxy tunneling settings

    Setting

    Description
    Scheduled Update Enable/disable FortiGuard scheduled updating
    Scheduled Update Frequency

    Every - every available update as they come

    Daily - daily scheduled updates

    Weekly - update will occur weekly, every 7 days on the scheduled update day that you set
    Scheduled Update Day Use when Scheduled Update Frequency is Weekly. The day of the week when the update will occur.
    Scheduled Update Time HH:MM. The time of day when the update will occur.

    Override Server

    Do not use - leave disabled

    Override Server Address

    Do not use

    Tunneling

    Enable to use a web proxy server IP address.

    If the proxy server requires an FQDN, see Tunneling DNS below

    Note, if Tunneling is not enabled, the options below will not show on the GUI.

    Tunneling IP Address

    Web proxy server IP address.

    Tunneling Port

    Port for the web proxy server.

    Tunneling Username

    Administrator username for the web proxy server.

    Tunneling Password

    Password for the web proxy server.

    Tunneling DNS

    If this checkbox is disabled FortiDDoS uses the IP address of the closest FortiGuard server (as determined by Time Zone) to FortiDDoS in the “CONNECT” message.

    Enable this checkbox if your Proxy server requires an FQDN in the “CONNECT” message. FortiDDoS automatically inserts the correct FortiGuard FQDN (update.fortiguard.net).
    License Information

    The License Information table on this page provides current status of:

    • FortiCare Firmware and Enhanced Support

    • IP and Domain Reputation license subscription

      • Status

      • Version and date created (not downloaded) of the databases

      • Last successful check of FortiGuard databases

    Tooltip

    To configure FortiGuard access using the CLI:

    config system fortiguard

    set scheduled-update-status {enable|disable}

    set scheduled-update-frequency {daily|weekly}

    set scheduled-update-day {Sunday|Monday|Tuesday|Wednesday|Thursday|Friday|Saturday}

    set scheduled-update-time <HH:MM>

    set override-server-status {enable|disable}

    set override-server-address <IP address>

    set tunneling-status {enable|disable}

    set tunneling-address <IP address>

    set tunneling-port <0-65535>

    set tunneling-username <string>

    set tunneling-password <string>

    end
    Previous
    Next

    FortiGuard

    FortiGuard

    FortiDDoS supports two FortiGuard subscription services. This section describes settings for connecting to FortiGuard for the necessary downloads.

    Note: Neither of these subscriptions is required for DDoS Mitigation. They are not DDoS threat signatures as all necessary signatures are included in FortiDDoS firmware. FortiGuard ACLs supplement or offload other networking equipment ACLs. For example, they will prevent connection floods from known malicious actors and/or prevent bots from reaching DDoS controllers.

    FortiGuard Setup Requirements:

    • System mgmt2 port must have internet access and DNS server access

    • NTP and Time Zone must be set

    FortiDDoS connects to FortiGuard via a DNS request an downloads a list of IPs paired with time zones to determine which data center it will access for updates. At the scheduled intervals, it attempts to update the databases. FortiDDoS generates Success/ Fail event logs for each attempt.

    Dashboard > Status and System > FortiGuard provides further details on subscription/ license status, FortiCare status, and last successful FortiGuard connection.

    Available Subscription

    Description

    Configurable Categories

    IP Reputation

    This subscription adds an IP address ACL list for its configurable categories

    Enabled via the IP Profile

    DDoS, Anonymous Proxies, Phishing, Spam, Tor (nodes)

    These are subsets of the larger databases used by FortiGate IP Reputation/web/domain filtering

    Domain Reputation

    This subscription adds a Domain (FQDN) ACL list for its configurable categories

    Enabled via the DNS Profile

    Malicious URLs, Botnet Domains, Bitcoin Mining Domains

    These are subsets of the larger databases used by FortiGate web/domain filtering
    To configure FortiGuard:
    1. Go to System/FortiGuard. This dashboard displays license and registration status, including status for the FortiGuard IP Reputation and Domain Reputation Services.
    2. Click Upload License to import a license file.

    FortiGuard update schedule and proxy tunneling settings

    Setting

    Description
    Scheduled Update Enable/disable FortiGuard scheduled updating
    Scheduled Update Frequency

    Every - every available update as they come

    Daily - daily scheduled updates

    Weekly - update will occur weekly, every 7 days on the scheduled update day that you set
    Scheduled Update Day Use when Scheduled Update Frequency is Weekly. The day of the week when the update will occur.
    Scheduled Update Time HH:MM. The time of day when the update will occur.

    Override Server

    Do not use - leave disabled

    Override Server Address

    Do not use

    Tunneling

    Enable to use a web proxy server IP address.

    If the proxy server requires an FQDN, see Tunneling DNS below

    Note, if Tunneling is not enabled, the options below will not show on the GUI.

    Tunneling IP Address

    Web proxy server IP address.

    Tunneling Port

    Port for the web proxy server.

    Tunneling Username

    Administrator username for the web proxy server.

    Tunneling Password

    Password for the web proxy server.

    Tunneling DNS

    If this checkbox is disabled FortiDDoS uses the IP address of the closest FortiGuard server (as determined by Time Zone) to FortiDDoS in the “CONNECT” message.

    Enable this checkbox if your Proxy server requires an FQDN in the “CONNECT” message. FortiDDoS automatically inserts the correct FortiGuard FQDN (update.fortiguard.net).
    License Information

    The License Information table on this page provides current status of:

    • FortiCare Firmware and Enhanced Support

    • IP and Domain Reputation license subscription

      • Status

      • Version and date created (not downloaded) of the databases

      • Last successful check of FortiGuard databases

    Tooltip

    To configure FortiGuard access using the CLI:

    config system fortiguard

    set scheduled-update-status {enable|disable}

    set scheduled-update-frequency {daily|weekly}

    set scheduled-update-day {Sunday|Monday|Tuesday|Wednesday|Thursday|Friday|Saturday}

    set scheduled-update-time <HH:MM>

    set override-server-status {enable|disable}

    set override-server-address <IP address>

    set tunneling-status {enable|disable}

    set tunneling-address <IP address>

    set tunneling-port <0-65535>

    set tunneling-username <string>

    set tunneling-password <string>

    end
    Previous
    Next