Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

av-ips

Use the following commands to configure antivirus and IPS related settings.

av-ips advanced-log

Use this command to enable logging of FortiGuard antivirus and IPS update packages received by the FortiManager unit’s built-in FDS from the external FDS.

Syntax

config fmupdate av-ips advanced-log

set log-fortigate {enable | disable}

set log-server {enable | disable}

end

Variable

Description

log-fortigate {enable | disable}

Enable/disable logging of FortiGuard antivirus and IPS service updates of FortiGate devices. Default: disable

log-server {enable | disable}

Enable/disable logging of update packages received by the built-in FDS server. Default: disable

Example

You could enable logging of FortiGuard antivirus updates to FortiClient installations and update packages downloaded by the built-in FDS from the FDS.

config fmupdate av-ips advanced-log

set log-forticlient enable

set log-server enable

end

av-ips fct server-override

Use this command to override the default IPv4 or IPv6 address and port that the built-in FDS contacts when requesting FortiGuard antivirus updates for FortiClient from the FDS.

Syntax

config fmupdate av-ips fct server-override

set status {enable | disable}

config servlist

edit <id>

set ip <ipv4_address>

set ip6 <ipv6_address>

set port <integer>

end

end

Variable

Description

status {enable | disable}

Enable/disable the override. Default: disable

Variables for config servlistsubcommand:

<id>

Override server ID (1-10).

ip <ipv4_address>

Enter the IPv4 address of the override server. Default: 0.0.0.0

ip6 <ipv6_address>

Enter the IPv6 address of the override server.

port <integer>

Enter the port number to use when contacting the FDS. Default: 443. Range: 1 to 65535

Example

You could configure the FortiManager unit’s built-in FDS to use a specific FDN server and a different port when retrieving FortiGuard antivirus updates for FortiClient from the FDS.

config fmupdate av-ips fct server-override

set status enable

config servlist

edit 1

set ip 192.168.25.152

set port 80

end

end

av-ips fgt server-override

Use this command to override the default IPv4 or IPv6 address and port that the built-in FDS contacts when requesting FortiGuard antivirus and IPS updates for FortiGate units from the FDS.

Syntax

config fmupdate av-ips fgt server-override

set status {enable | disable}

config servlist

edit <id>

set ip <ipv4_address>

set ip6 <ipv6_address>

set port <integer>

end

end

Variable

Description

status {enable | disable}

Enable/disable the override. Default: disable

Variable for config servlistsubcommand:

<id>

Override server ID (1-10).

ip <ipv4_address>

Enter the IPv4 address of the override server. Default: 0.0.0.0

ip6 <ipv6_address>

Enter the IPv6 address of the override server.

port <integer>

Enter the port number to use when contacting the FDS. Default: 443. Range: 1 to 65535

Example

You could configure the FortiManager unit’s built-in FDS to use a specific FDS server and a different port when retrieving FortiGuard antivirus and IPS updates for FortiGate units from the FDS.

config fmupdate av-ips fgt server-override

set status enable

config servlist

edit 1

set ip 172.27.152.144

set port 8890

end

end

av-ips web-proxy

Use this command to configure a web proxy if FortiGuard antivirus and IPS updates must be retrieved through a web proxy.

Syntax

config fmupdate av-ips web-proxy

set ip <ipv4_address>

set ip6 <ipv6_address>

set mode {proxy | tunnel}

set password <passwd>

set port <integer>

set status {enable | disable}

set username <string>

end

Variable

Description

ip <ipv4_address>

Enter the IPv4 address of the web proxy. Default: 0.0.0.0

ip6 <ipv6_address>

Enter the IPv6 address of the web proxy.

mode {proxy | tunnel}

Enter the web proxy mode. The following options are available: 

  • proxy: HTTP proxy.
  • tunnel: HTTP tunnel.

password <passwd>

If the web proxy requires authentication, enter the password for the user name. Character limit: 63

port <integer>

Enter the port number of the web proxy. Default: 80. Range: 1 to 65535

status {enable | disable}

Enable/disable connections through the web proxy. Default: disable

username <string>

If the web proxy requires authentication, enter the user name. Character limit: 63

Example

You could enable a connection through a non-transparent web proxy on an alternate port.

config fmupdate av-ips web-proxy

set status enable

set mode proxy

set ip 10.10.30.1

set port 8890

set username avipsupdater

set password cvhk3rf3u9jvsYU

end

av-ips

Use the following commands to configure antivirus and IPS related settings.

av-ips advanced-log

Use this command to enable logging of FortiGuard antivirus and IPS update packages received by the FortiManager unit’s built-in FDS from the external FDS.

Syntax

config fmupdate av-ips advanced-log

set log-fortigate {enable | disable}

set log-server {enable | disable}

end

Variable

Description

log-fortigate {enable | disable}

Enable/disable logging of FortiGuard antivirus and IPS service updates of FortiGate devices. Default: disable

log-server {enable | disable}

Enable/disable logging of update packages received by the built-in FDS server. Default: disable

Example

You could enable logging of FortiGuard antivirus updates to FortiClient installations and update packages downloaded by the built-in FDS from the FDS.

config fmupdate av-ips advanced-log

set log-forticlient enable

set log-server enable

end

av-ips fct server-override

Use this command to override the default IPv4 or IPv6 address and port that the built-in FDS contacts when requesting FortiGuard antivirus updates for FortiClient from the FDS.

Syntax

config fmupdate av-ips fct server-override

set status {enable | disable}

config servlist

edit <id>

set ip <ipv4_address>

set ip6 <ipv6_address>

set port <integer>

end

end

Variable

Description

status {enable | disable}

Enable/disable the override. Default: disable

Variables for config servlistsubcommand:

<id>

Override server ID (1-10).

ip <ipv4_address>

Enter the IPv4 address of the override server. Default: 0.0.0.0

ip6 <ipv6_address>

Enter the IPv6 address of the override server.

port <integer>

Enter the port number to use when contacting the FDS. Default: 443. Range: 1 to 65535

Example

You could configure the FortiManager unit’s built-in FDS to use a specific FDN server and a different port when retrieving FortiGuard antivirus updates for FortiClient from the FDS.

config fmupdate av-ips fct server-override

set status enable

config servlist

edit 1

set ip 192.168.25.152

set port 80

end

end

av-ips fgt server-override

Use this command to override the default IPv4 or IPv6 address and port that the built-in FDS contacts when requesting FortiGuard antivirus and IPS updates for FortiGate units from the FDS.

Syntax

config fmupdate av-ips fgt server-override

set status {enable | disable}

config servlist

edit <id>

set ip <ipv4_address>

set ip6 <ipv6_address>

set port <integer>

end

end

Variable

Description

status {enable | disable}

Enable/disable the override. Default: disable

Variable for config servlistsubcommand:

<id>

Override server ID (1-10).

ip <ipv4_address>

Enter the IPv4 address of the override server. Default: 0.0.0.0

ip6 <ipv6_address>

Enter the IPv6 address of the override server.

port <integer>

Enter the port number to use when contacting the FDS. Default: 443. Range: 1 to 65535

Example

You could configure the FortiManager unit’s built-in FDS to use a specific FDS server and a different port when retrieving FortiGuard antivirus and IPS updates for FortiGate units from the FDS.

config fmupdate av-ips fgt server-override

set status enable

config servlist

edit 1

set ip 172.27.152.144

set port 8890

end

end

av-ips web-proxy

Use this command to configure a web proxy if FortiGuard antivirus and IPS updates must be retrieved through a web proxy.

Syntax

config fmupdate av-ips web-proxy

set ip <ipv4_address>

set ip6 <ipv6_address>

set mode {proxy | tunnel}

set password <passwd>

set port <integer>

set status {enable | disable}

set username <string>

end

Variable

Description

ip <ipv4_address>

Enter the IPv4 address of the web proxy. Default: 0.0.0.0

ip6 <ipv6_address>

Enter the IPv6 address of the web proxy.

mode {proxy | tunnel}

Enter the web proxy mode. The following options are available: 

  • proxy: HTTP proxy.
  • tunnel: HTTP tunnel.

password <passwd>

If the web proxy requires authentication, enter the password for the user name. Character limit: 63

port <integer>

Enter the port number of the web proxy. Default: 80. Range: 1 to 65535

status {enable | disable}

Enable/disable connections through the web proxy. Default: disable

username <string>

If the web proxy requires authentication, enter the user name. Character limit: 63

Example

You could enable a connection through a non-transparent web proxy on an alternate port.

config fmupdate av-ips web-proxy

set status enable

set mode proxy

set ip 10.10.30.1

set port 8890

set username avipsupdater

set password cvhk3rf3u9jvsYU

end