Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Settings

FortiGuard > Settings provides a central location for configuring and enabling your FortiManager system’s built-in FDS as an FDN override server.

By default, this option is enabled. After configuring FortiGuard and configuring your devices to use the FortiManager system as their FortiGuard server, you can view overall and per device statistics on FortiGuard service benefits.

To operate in a closed network, disable communication with the FortiGuard server. See Operating as an FDS in a closed network.

Enable Communication with FortiGuard Server

When toggled OFF, you must manually upload packages, databases, and licenses to your FortiManager. See Operating as an FDS in a closed network.

Communication with FortiGuard Server

Select Servers Located in the US Only to limit communication to FortiGuard servers located in the USA. Select Global Servers to communicate with servers anywhere.

Enable Antivirus and IPS Service

Toggle ON to enable antivirus and intrusion protection service.

When on, select what versions of FortiGate, FortiClient, FortiAnalyzer, and FortiMail to download updates for.

Enable Web Filter and Service

Toggle ON to enable web filter services. When uploaded to FortiManager, the Web Filter database version is displayed.

Enable Email Filter Service

Toggle ON to enable email filter services. When uploaded to FortiManager, the Email Filter databases versions are displayed.

Server Override Mode

Select Strict (Access Override Server Only) or Loose (Allow Access Other Servers) override mode.

FortiGuard Antivirus and IPS Settings

Configure antivirus and IPS settings. See FortiGuard antivirus and IPS settings.

FortiGuard Web Filter and Email Filter Settings

Configure web and email filter settings. See FortiGuard web and email filter settings.

Override FortiGuard Server (Local FortiManager)

Configure web and email filter settings. See Override FortiGuard server (Local FortiManager).

FortiGuard antivirus and IPS settings

In this section you can enable settings for FortiGuard Antivirus and IPS settings. The following settings are available:

Use Override Server Address for FortiClient

Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

To override the default server for updating FortiClient device’s FortiGuard services, see Overriding default IP addresses and ports.

Use Override Server Address for FortiGate/FortiMail

Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

To override the default server for updating FortiGate/FortiMail device’s FortiGuard services, see Overriding default IP addresses and ports.

Allow Push Update

Configure to allow urgent or critical updates to be pushed directly to the FortiManager system when they become available on the FDN. The FortiManager system immediately downloads these updates.

To enable push updates, see Enabling push updates.

Use Web Proxy

Configure the FortiManager system’s built-in FDS to connect to the FDN through a web proxy.

To enable updates using a web proxy, see Enabling updates through a web proxy.

Scheduled Regular Updates

Configure when packages are updated without manually initiating an update request.

To schedule regular service updates, see Scheduling updates.

Advanced

Enables logging of service updates and entries.

If either option is not turned on, you will not be able to view these entries and events when you select View FDS and FortiGuard Download History.

FortiGuard web and email filter settings

In this section you can enable settings for FortiGuard Web Filter and Email Filter.

The following settings are available:

Connection to FortiGuard Distribution Server(s)

Configure connections for overriding the default built-in FDS or web proxy server for web filter and email filter settings.

To override an FDS server for web filter and email filter services, see Overriding default IP addresses and ports.

To enable web filter and email filter service updates using a web proxy server, see Enabling updates through a web proxy.

Use Override Server Address for FortiClient

Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

Use Override Server Address for FortiGate/FortiMail

Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

To override the default server for updating FortiGate device’s FortiGuard services, see Overriding default IP addresses and ports.

Use Web Proxy

Configure the FortiManager system’s built-in FDS to connect to the FDN through a web proxy. IPv4 and IPv6 are supported.

To enable updates using a web proxy, see Enabling updates through a web proxy.

Polling Frequency

Configure how often polling is done.

Log Settings

Configure logging of FortiGuard server update, web filtering, email filter, and antivirus query events.

  • Log FortiGuard Server Update Events: enable or disable
  • FortiGuard Web Filtering: Choose from Log URL disabled, Log non-URL events, and Log all URL lookups.
  • FortiGuard Anti-spam: Choose from Log Spam disabled, Log non-spam events, and Log all Spam lookups.
  • FortiGuard Anti-virus Query: Choose from Log Virus disabled, Log non-virus events, and Log all Virus lookups.

To configure logging of FortiGuard web filtering and email filtering events, see Logging FortiGuard web or email filter events.

Override FortiGuard server (Local FortiManager)

Configure and enable alternate FortiManager FDS devices, rather than using the local FortiManager system. You can set up as many alternate FDS locations, and select what services are used. The following settings are available:

Additional number of Private FortiGuard Servers (Excluding This One)

Select the add icon to add a private FortiGuard server. Select the delete icon to remove entries.

When adding a private server, you must type its IP address and time zone.

Enable Antivirus and IPS Update Service for Private Server

When one or more private FortiGuard servers are configured, update antivirus and IPS through this private server instead of using the default FDN.

This option is available only when a private server has been configured.

Enable Web Filter and Email Filter Update Service for Private Server

When one or more private FortiGuard servers are configured, update the web filter and email filter through this private server instead of using the default FDN.

This option is available only when a private server has been configured.

Allow FortiGates to Access Public FortiGuard Servers When Private Servers Unavailable

When one or more private FortiGuard servers are configured, managed FortiGate units will go to those private servers for FortiGuard updates. Enable this feature to allow those FortiGate units to then try to access the public FDN servers if the private servers are unreachable.

This option is available only when a private server has been configured.

The FortiManager system’s network interface settings can restrict which network interfaces provide FDN services. For more information, see Configuring network interfaces.

Settings

FortiGuard > Settings provides a central location for configuring and enabling your FortiManager system’s built-in FDS as an FDN override server.

By default, this option is enabled. After configuring FortiGuard and configuring your devices to use the FortiManager system as their FortiGuard server, you can view overall and per device statistics on FortiGuard service benefits.

To operate in a closed network, disable communication with the FortiGuard server. See Operating as an FDS in a closed network.

Enable Communication with FortiGuard Server

When toggled OFF, you must manually upload packages, databases, and licenses to your FortiManager. See Operating as an FDS in a closed network.

Communication with FortiGuard Server

Select Servers Located in the US Only to limit communication to FortiGuard servers located in the USA. Select Global Servers to communicate with servers anywhere.

Enable Antivirus and IPS Service

Toggle ON to enable antivirus and intrusion protection service.

When on, select what versions of FortiGate, FortiClient, FortiAnalyzer, and FortiMail to download updates for.

Enable Web Filter and Service

Toggle ON to enable web filter services. When uploaded to FortiManager, the Web Filter database version is displayed.

Enable Email Filter Service

Toggle ON to enable email filter services. When uploaded to FortiManager, the Email Filter databases versions are displayed.

Server Override Mode

Select Strict (Access Override Server Only) or Loose (Allow Access Other Servers) override mode.

FortiGuard Antivirus and IPS Settings

Configure antivirus and IPS settings. See FortiGuard antivirus and IPS settings.

FortiGuard Web Filter and Email Filter Settings

Configure web and email filter settings. See FortiGuard web and email filter settings.

Override FortiGuard Server (Local FortiManager)

Configure web and email filter settings. See Override FortiGuard server (Local FortiManager).

FortiGuard antivirus and IPS settings

In this section you can enable settings for FortiGuard Antivirus and IPS settings. The following settings are available:

Use Override Server Address for FortiClient

Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

To override the default server for updating FortiClient device’s FortiGuard services, see Overriding default IP addresses and ports.

Use Override Server Address for FortiGate/FortiMail

Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

To override the default server for updating FortiGate/FortiMail device’s FortiGuard services, see Overriding default IP addresses and ports.

Allow Push Update

Configure to allow urgent or critical updates to be pushed directly to the FortiManager system when they become available on the FDN. The FortiManager system immediately downloads these updates.

To enable push updates, see Enabling push updates.

Use Web Proxy

Configure the FortiManager system’s built-in FDS to connect to the FDN through a web proxy.

To enable updates using a web proxy, see Enabling updates through a web proxy.

Scheduled Regular Updates

Configure when packages are updated without manually initiating an update request.

To schedule regular service updates, see Scheduling updates.

Advanced

Enables logging of service updates and entries.

If either option is not turned on, you will not be able to view these entries and events when you select View FDS and FortiGuard Download History.

FortiGuard web and email filter settings

In this section you can enable settings for FortiGuard Web Filter and Email Filter.

The following settings are available:

Connection to FortiGuard Distribution Server(s)

Configure connections for overriding the default built-in FDS or web proxy server for web filter and email filter settings.

To override an FDS server for web filter and email filter services, see Overriding default IP addresses and ports.

To enable web filter and email filter service updates using a web proxy server, see Enabling updates through a web proxy.

Use Override Server Address for FortiClient

Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

Use Override Server Address for FortiGate/FortiMail

Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

To override the default server for updating FortiGate device’s FortiGuard services, see Overriding default IP addresses and ports.

Use Web Proxy

Configure the FortiManager system’s built-in FDS to connect to the FDN through a web proxy. IPv4 and IPv6 are supported.

To enable updates using a web proxy, see Enabling updates through a web proxy.

Polling Frequency

Configure how often polling is done.

Log Settings

Configure logging of FortiGuard server update, web filtering, email filter, and antivirus query events.

  • Log FortiGuard Server Update Events: enable or disable
  • FortiGuard Web Filtering: Choose from Log URL disabled, Log non-URL events, and Log all URL lookups.
  • FortiGuard Anti-spam: Choose from Log Spam disabled, Log non-spam events, and Log all Spam lookups.
  • FortiGuard Anti-virus Query: Choose from Log Virus disabled, Log non-virus events, and Log all Virus lookups.

To configure logging of FortiGuard web filtering and email filtering events, see Logging FortiGuard web or email filter events.

Override FortiGuard server (Local FortiManager)

Configure and enable alternate FortiManager FDS devices, rather than using the local FortiManager system. You can set up as many alternate FDS locations, and select what services are used. The following settings are available:

Additional number of Private FortiGuard Servers (Excluding This One)

Select the add icon to add a private FortiGuard server. Select the delete icon to remove entries.

When adding a private server, you must type its IP address and time zone.

Enable Antivirus and IPS Update Service for Private Server

When one or more private FortiGuard servers are configured, update antivirus and IPS through this private server instead of using the default FDN.

This option is available only when a private server has been configured.

Enable Web Filter and Email Filter Update Service for Private Server

When one or more private FortiGuard servers are configured, update the web filter and email filter through this private server instead of using the default FDN.

This option is available only when a private server has been configured.

Allow FortiGates to Access Public FortiGuard Servers When Private Servers Unavailable

When one or more private FortiGuard servers are configured, managed FortiGate units will go to those private servers for FortiGuard updates. Enable this feature to allow those FortiGate units to then try to access the public FDN servers if the private servers are unreachable.

This option is available only when a private server has been configured.

The FortiManager system’s network interface settings can restrict which network interfaces provide FDN services. For more information, see Configuring network interfaces.