Device Firmware and Security Updates

The FortiGuard Distribution Network (FDN) provides FortiGuard services for your FortiManager system and its managed devices and FortiClient agents. The FDN is a world-wide network of FortiGuard Distribution Servers (FDS), which update the FortiGuard services on your FortiManager system on a regular basis so that your FortiManager system is protected against the latest threats.

The FortiGuard services available on the FortiManager system include:

• Antivirus and IPS engines and signatures
• Web filtering and email filtering rating databases and lookups
• Vulnerability scan and management support for FortiAnalyzer

To view and configure these services, go to FortiGuard > Settings.

In FortiGuard Management, you can configure the FortiManager system to act as a local FDS, or use a web proxy server to connect to the FDN. FortiManager systems acting as a local FDS synchronize their FortiGuard service update packages with the FDN, then provide FortiGuard these updates and look up replies to your private network’s FortiGate devices. The local FDS provides a faster connection, reducing Internet connection load and the time required to apply frequent updates, such as antivirus signatures, to many devices.

As an example, you might enable FortiGuard services to FortiGate devices on the built-in FDS, then specify the FortiManager system’s IP address as the override server on your devices. Instead of burdening your Internet connection with all the devices downloading antivirus updates separately, the FortiManager system would use the Internet connection once to download the FortiGate antivirus package update, then redistribute the package to the devices.

FortiGuard Management also includes firmware revision management. To view and configure firmware options, go to FortiGuard > Firmware Images. You can download these images from the Customer Service & Support portal to install on your managed devices or on the FortiManager system.

Before you can use your FortiManager system as a local FDS, you must:

• Register your devices with Fortinet Customer Service & Support and enable the FortiGuard service licenses. See your device documentation for more information on registering your products.
• If the FortiManager system’s Unregistered Device Options do not allow service to unauthorized devices, add your devices to the device list, or change the option to allow service to unauthorized devices. For more information, see the FortiManager CLI Reference.

  For information about FDN service connection attempt handling or adding devices, see Firewall Devices.

• Enable and configure the FortiManager system’s built-in FDS. For more information, see Configuring network interfaces.
• Connect the FortiManager system to the FDN.

  The FortiManager system must retrieve service update packages from the FDN before it can redistribute them to devices and FortiClient agents on the device list. For more information, see Connecting the built-in FDS to the FDN.

• Configure each device or FortiClient endpoint to use the FortiManager system’s built‑in FDS as their override server. You can do this when adding a FortiGate system. For more information, see Adding devices.

This section contains the following topics:

• Settings
• Configuring devices to use the built-in FDS
• Configuring FortiGuard services
• Logging events related to FortiGuard services
• Restoring the URL or antispam database
• Licensing status
• Package management
• Query server management
• Firmware images

For information on current security threats, virus and spam sample submission, and FortiGuard service updates available through the FDN, including antivirus, IPS, web filtering, and email filtering, see the FortiGuard Center website, https://fortiguard.com.