Fortinet Document Library


CLI Reference

fds-setting

Use this command to set FDS settings.

Syntax

config fmupdate fds-setting
    set fds-pull-interval <integer>
    set fds-ssl-protocol {sslv3 | tlsv1.0 | tlsv1.1 | tlsv1.2}
    set fmtr-log {alert | critical | debug | disable | emergency | error | info | notice | warn}
    set linkd-log {alert | critical | debug | disable | emergency | error | info | notice | warn}
    set max-av-ips-version <integer>
    set max-work <integer>
    set system-support-faz {4.x | 5.0 | 5.2 | 5.4}
    set system-support-fct {4.x | 5.0 | 5.2 | 5.4}
    set system-support-fgt {4.x | 5.0 | 5.2 | 5.4}
    set system-support-fml {4.x | 5.0 | 5.2 | 5.4}
    set system-support-fsa {1.x | 2.x}
    set system-support-fsw {4.x | 5.0 | 5.2 | 5.4}
    set umsvc-log {alert | critical | debug | disable | emergency | error | info | notice | warn}
    set unreg-dev-option {add-service | ignore | svc-only}
    set User-Agent <text>
end

Variable

Description

fds-pull-interval <integer>

Time interval FortiManager may pull updates from FDS, in minutes (1 - 1440, default = 10).

fds-ssl-protocol {sslv3 | tlsv1.0 | tlsv1.1 | tlsv1.2}

Set the SSL/TLS protocol version for the FDS service (default = tlsv1.0).

fmtr-log {alert | critical | debug | disable | emergency | error | info | notice | warn}

The fmtr log level. Set to disable to disable the log (default = info).

linkd-log {alert | critical | debug | disable | emergency | error | info | notice | warn}

The linkd log level (default = info).

max-av-ips-version <integer>

The maximum number of AV/IPS full version downloadable packages (1 - 1000, default = 20).

max-work <integer>

The maximum number of workers processing downlink requests (1 - 32, default = 1).

system-support-faz {4.x | 5.0 | 5.2 | 5.4}

Set the FortiAnalyzer support version.

system-support-fct {4.x | 5.0 | 5.2 | 5.4}

Set the FortiClient support version.

system-support-fgt {4.x | 5.0 | 5.2 | 5.4}

Set the FortiGate support version.

system-support-fml {4.x | 5.0 | 5.2 | 5.4}

Set the FortiMail support version.

system-support-fsa {1.x | 2.x}

Set the FortiSandbox support version.

system-support-fsw {4.x | 5.0 | 5.2 | 5.4}

Set the FortiSwitch support version.

umsvc-log {alert | critical | debug | disable | emergency | error | info | notice | warn}

The um_service log level (default = info).

unreg-dev-option {add-service | ignore | svc-only}

Set the option for unregistered devices:

  • add-service: Add unregistered devices and allow update requests (default).
  • ignore: Ignore all unregistered devices.
  • svc-only: Allow update requests without adding unregistered devices.

User-Agent <text>

Configure the User-Agent string.

fds-setting push-override

Use this command to enable or disable push updates, and to override the default IP address and port to which the FDS sends FortiGuard antivirus and IPS push messages.

This is useful if push notifications must be sent to an IP address and/or port other than the FortiManager unit, such as the external or virtual IP address of a NAT device that forwards traffic to the FortiManager unit.

Syntax

config fmupdate fds-setting
    config push-override
        set ip <ipv_address>
        set port <integer>
        set status {enable | disable}
    end
end

Variable

Description

ip <ipv_address>

Enter the external or virtual IP address of the NAT device that will forward push messages to the FortiManager unit (default = 0.0.0.0).

port <integer>

Enter the receiving port number on the NAT device (1 - 65535, default = 9443).

status {enable | disable}

Enable/disable the push updates (default = disable).

Example

You could enable the FortiManager unit’s built-in FDS to receive push messages.

If there is a NAT device or firewall between the FortiManager unit and the FDS, you could also notify the FDS to send push messages to the external IP address of the NAT device, instead of the FortiManager unit’s private network IP address.

config fmupdate fds-setting
    config push-override
        set status enable
        set ip 172.16.124.135
        set port 9000
    end
end

You would then configure port forwarding on the NAT device, forwarding push messages received on User Datagram Protocol (UDP) port 9000 to the FortiManager unit on UDP port 9443.
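
An added example, not part of Fortinet's documentation: a Python audit of a config fmupdate fds-setting block against the ranges and defaults listed above, flagging a deprecated fds-ssl-protocol, the add-service default for unregistered devices, out-of-range integers, and an enabled push-override whose target needs a matching NAT forward. The function names, the sample text and the assumption that an omitted setting keeps its documented default are this example's own.

```python
# Ranges, enumerations and defaults are copied from the variable tables on this page.
RANGES = {"fds-pull-interval": (1, 1440), "max-av-ips-version": (1, 1000),
          "max-work": (1, 32), "port": (1, 65535)}
TLS_VALUES = ("sslv3", "tlsv1.0", "tlsv1.1", "tlsv1.2")
DEFAULTS = {"fds-ssl-protocol": "tlsv1.0", "unreg-dev-option": "add-service"}
TOP = "fmupdate fds-setting"

def parse(text):
    """Map each nested config path to its {setting: value} pairs."""
    path, blocks = [], {}
    for line in text.splitlines():
        words = line.split() or [""]
        if words[0] == "config":
            path.append(" ".join(words[1:]))
            blocks.setdefault("/".join(path), {})
        elif words[0] == "set" and path and len(words) >= 3:
            blocks["/".join(path)][words[1]] = " ".join(words[2:])
        elif words[0] == "end" and path:
            path.pop()
    return blocks

def audit(text):
    """Return findings; assumes an absent setting has the default listed on this page."""
    blocks = parse(text)
    if TOP not in blocks:
        return ["fds-setting: block not found"]
    top, push = blocks[TOP], blocks.get(TOP + "/push-override", {})
    findings = []
    proto = top.get("fds-ssl-protocol", DEFAULTS["fds-ssl-protocol"])
    if proto not in TLS_VALUES:
        findings.append(f"fds-ssl-protocol: unknown value {proto}")
    elif proto != "tlsv1.2":  # SSLv3, TLS 1.0 and TLS 1.1 are deprecated by the IETF
        findings.append(f"fds-ssl-protocol: {proto} is deprecated, set tlsv1.2")
    if top.get("unreg-dev-option", DEFAULTS["unreg-dev-option"]) == "add-service":
        findings.append("unreg-dev-option: add-service adds unregistered devices, review")
    for scope, settings in (("fds-setting", top), ("push-override", push)):
        for key, val in settings.items():
            lo, hi = RANGES.get(key, (None, None))
            if lo is not None and not (val.isdigit() and lo <= int(val) <= hi):
                findings.append(f"{scope} {key}: {val} outside {lo}-{hi}")
    if push.get("status") == "enable":
        target = f"{push.get('ip', '0.0.0.0')}:{push.get('port', '9443')}"
        findings.append(f"push-override: FDS pushes to {target}, verify the NAT forward")
    return findings

SAMPLE = "\n".join([  # constructed input, not taken from a real device
    "config fmupdate fds-setting", "set fds-pull-interval 2000",
    "config push-override", "set status enable", "set ip 172.16.124.135",
    "set port 9000", "end", "end"])
```

Calling audit(SAMPLE) returns four findings; a block that sets fds-ssl-protocol tlsv1.2 and unreg-dev-option ignore with in-range values returns none.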

fds-setting push-override-to-client

Use this command to enable or disable push updates, and to override the default IP address and port to which the FDS sends FortiGuard antivirus and IPS push messages.

This command is useful if push notifications must be sent to an IP address and/or port other than the FortiManager unit, such as the external or virtual IP address of a NAT device that forwards traffic to the FortiManager unit.

Syntax

config fmupdate fds-setting
    config push-override-to-client
        set status {enable | disable}
        config <announce-ip>
            edit <id>
                set ip <ip_address>
                set port <integer>
        end
    end
end

Variable

Description

status {enable | disable}

Enable/disable the push updates (default = disable).

<announce-ip>

Configure the IP address information of the device.

Variables for config announce-ip subcommand:

<id>

Edit the announce IP address ID.

ip <ip_address>

Enter the announce IP address (default = 0.0.0.0).

port <integer>

Enter the announce IP port (1 - 65535, default = 8890).
