Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 6.4.3 Administration Guide
    6.4.3
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Settings

    Settings

    FortiGuard > Settings provides a central location for configuring and enabling your FortiManager system’s built-in FDS as an FDN override server.

    By default, this option is enabled. After configuring FortiGuard and configuring your devices to use the FortiManager system as their FortiGuard server, you can view overall and per device statistics on FortiGuard service benefits.

    To operate in a closed network, disable communication with the FortiGuard server. See Operating as an FDS in a closed network.

    Enable Communication with FortiGuard Server

    When toggled OFF, you must manually upload packages, databases, and licenses to your FortiManager. See Operating as an FDS in a closed network.

    Communication with FortiGuard Server

    Select Servers Located in the US Only to limit communication to FortiGuard servers located in the USA. Select Global Servers to communicate with servers anywhere.

    Enable Antivirus and IPS Service

    Toggle ON to enable antivirus and intrusion protection service.

    When on, select what versions of FortiGate, FortiClient, FortiAnalyzer, and FortiMail to download updates for.

    Enable Web Filter and Service

    Toggle ON to enable web filter services. When uploaded to FortiManager, the Web Filter database version is displayed.

    Enable Email Filter Service

    Toggle ON to enable email filter services. When uploaded to FortiManager, the Email Filter databases versions are displayed.

    Server Override Mode

    Select Strict (Access Override Server Only) or Loose (Allow Access Other Servers) override mode.

    FortiGuard Antivirus and IPS Settings

    Configure antivirus and IPS settings. See FortiGuard antivirus and IPS settings.

    FortiGuard Web Filter and Email Filter Settings

    Configure web and email filter settings. See FortiGuard web and email filter settings.

    Override FortiGuard Server (Local FortiManager)

    Configure web and email filter settings. See Override FortiGuard server (Local FortiManager).

    FortiGuard antivirus and IPS settings

    In this section you can enable settings for FortiGuard Antivirus and IPS settings. The following settings are available:

    Use Override Server Address for FortiClient

    Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

    To override the default server for updating FortiClient device’s FortiGuard services, see Overriding default IP addresses and ports.

    Use Override Server Address for FortiGate/FortiMail

    Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

    To override the default server for updating FortiGate/FortiMail device’s FortiGuard services, see Overriding default IP addresses and ports.

    Allow Push Update

    Configure to allow urgent or critical updates to be pushed directly to the FortiManager system when they become available on the FDN. The FortiManager system immediately downloads these updates.

    To enable push updates, see Enabling push updates.

    Use Web Proxy

    Configure the FortiManager system’s built-in FDS to connect to the FDN through a web proxy.

    To enable updates using a web proxy, see Enabling updates through a web proxy.

    Scheduled Regular Updates

    Configure when packages are updated without manually initiating an update request.

    To schedule regular service updates, see Scheduling updates.

    Advanced

    Enables logging of service updates and entries.

    If either option is not turned on, you will not be able to view these entries and events when you select View FDS and FortiGuard Download History.

    FortiGuard web and email filter settings

    In this section you can enable settings for FortiGuard Web Filter and Email Filter.

    The following settings are available:

    Connection to FortiGuard Distribution Server(s)

    Configure connections for overriding the default built-in FDS or web proxy server for web filter and email filter settings.

    To override an FDS server for web filter and email filter services, see Overriding default IP addresses and ports.

    To enable web filter and email filter service updates using a web proxy server, see Enabling updates through a web proxy.

    Use Override Server Address for FortiClient

    Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

    Use Override Server Address for FortiGate/FortiMail

    Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

    To override the default server for updating FortiGate device’s FortiGuard services, see Overriding default IP addresses and ports.

    Use Web Proxy

    Configure the FortiManager system’s built-in FDS to connect to the FDN through a web proxy. IPv4 and IPv6 are supported.

    To enable updates using a web proxy, see Enabling updates through a web proxy.

    Polling Frequency

    Configure how often polling is done.

    Log Settings

    Configure logging of FortiGuard server update, web filtering, email filter, and antivirus query events.

    • Log FortiGuard Server Update Events: enable or disable
    • FortiGuard Web Filtering: Choose from Log URL disabled, Log non-URL events, and Log all URL lookups.
    • FortiGuard Anti-spam: Choose from Log Spam disabled, Log non-spam events, and Log all Spam lookups.
    • FortiGuard Anti-virus Query: Choose from Log Virus disabled, Log non-virus events, and Log all Virus lookups.

    To configure logging of FortiGuard web filtering and email filtering events, see Logging FortiGuard web or email filter events.

    Override FortiGuard server (Local FortiManager)

    Configure and enable alternate FortiManager FDS devices, rather than using the local FortiManager system. You can set up as many alternate FDS locations, and select what services are used. The following settings are available:

    Additional number of Private FortiGuard Servers (Excluding This One)

    Select the add icon to add a private FortiGuard server. Select the delete icon to remove entries.

    When adding a private server, you must type its IP address and time zone.

    Enable Antivirus and IPS Update Service for Private Server

    When one or more private FortiGuard servers are configured, update antivirus and IPS through this private server instead of using the default FDN.

    This option is available only when a private server has been configured.

    Enable Web Filter and Email Filter Update Service for Private Server

    When one or more private FortiGuard servers are configured, update the web filter and email filter through this private server instead of using the default FDN.

    This option is available only when a private server has been configured.

    Allow FortiGates to Access Public FortiGuard Servers When Private Servers Unavailable

    When one or more private FortiGuard servers are configured, managed FortiGate units will go to those private servers for FortiGuard updates. Enable this feature to allow those FortiGate units to then try to access the public FDN servers if the private servers are unreachable.

    This option is available only when a private server has been configured.

    The FortiManager system’s network interface settings can restrict which network interfaces provide FDN services. For more information, see Configuring network interfaces.
    Previous
    Next

    Settings

    Settings

    FortiGuard > Settings provides a central location for configuring and enabling your FortiManager system’s built-in FDS as an FDN override server.

    By default, this option is enabled. After configuring FortiGuard and configuring your devices to use the FortiManager system as their FortiGuard server, you can view overall and per device statistics on FortiGuard service benefits.

    To operate in a closed network, disable communication with the FortiGuard server. See Operating as an FDS in a closed network.

    Enable Communication with FortiGuard Server

    When toggled OFF, you must manually upload packages, databases, and licenses to your FortiManager. See Operating as an FDS in a closed network.

    Communication with FortiGuard Server

    Select Servers Located in the US Only to limit communication to FortiGuard servers located in the USA. Select Global Servers to communicate with servers anywhere.

    Enable Antivirus and IPS Service

    Toggle ON to enable antivirus and intrusion protection service.

    When on, select what versions of FortiGate, FortiClient, FortiAnalyzer, and FortiMail to download updates for.

    Enable Web Filter and Service

    Toggle ON to enable web filter services. When uploaded to FortiManager, the Web Filter database version is displayed.

    Enable Email Filter Service

    Toggle ON to enable email filter services. When uploaded to FortiManager, the Email Filter databases versions are displayed.

    Server Override Mode

    Select Strict (Access Override Server Only) or Loose (Allow Access Other Servers) override mode.

    FortiGuard Antivirus and IPS Settings

    Configure antivirus and IPS settings. See FortiGuard antivirus and IPS settings.

    FortiGuard Web Filter and Email Filter Settings

    Configure web and email filter settings. See FortiGuard web and email filter settings.

    Override FortiGuard Server (Local FortiManager)

    Configure web and email filter settings. See Override FortiGuard server (Local FortiManager).

    FortiGuard antivirus and IPS settings

    In this section you can enable settings for FortiGuard Antivirus and IPS settings. The following settings are available:

    Use Override Server Address for FortiClient

    Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

    To override the default server for updating FortiClient device’s FortiGuard services, see Overriding default IP addresses and ports.

    Use Override Server Address for FortiGate/FortiMail

    Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

    To override the default server for updating FortiGate/FortiMail device’s FortiGuard services, see Overriding default IP addresses and ports.

    Allow Push Update

    Configure to allow urgent or critical updates to be pushed directly to the FortiManager system when they become available on the FDN. The FortiManager system immediately downloads these updates.

    To enable push updates, see Enabling push updates.

    Use Web Proxy

    Configure the FortiManager system’s built-in FDS to connect to the FDN through a web proxy.

    To enable updates using a web proxy, see Enabling updates through a web proxy.

    Scheduled Regular Updates

    Configure when packages are updated without manually initiating an update request.

    To schedule regular service updates, see Scheduling updates.

    Advanced

    Enables logging of service updates and entries.

    If either option is not turned on, you will not be able to view these entries and events when you select View FDS and FortiGuard Download History.

    FortiGuard web and email filter settings

    In this section you can enable settings for FortiGuard Web Filter and Email Filter.

    The following settings are available:

    Connection to FortiGuard Distribution Server(s)

    Configure connections for overriding the default built-in FDS or web proxy server for web filter and email filter settings.

    To override an FDS server for web filter and email filter services, see Overriding default IP addresses and ports.

    To enable web filter and email filter service updates using a web proxy server, see Enabling updates through a web proxy.

    Use Override Server Address for FortiClient

    Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

    Use Override Server Address for FortiGate/FortiMail

    Configure to override the default built-in FDS so that you can use a port or specific FDN server. Select the add icon to add additional override servers, up to a maximum of ten. Select the delete icon to remove entries.

    To override the default server for updating FortiGate device’s FortiGuard services, see Overriding default IP addresses and ports.

    Use Web Proxy

    Configure the FortiManager system’s built-in FDS to connect to the FDN through a web proxy. IPv4 and IPv6 are supported.

    To enable updates using a web proxy, see Enabling updates through a web proxy.

    Polling Frequency

    Configure how often polling is done.

    Log Settings

    Configure logging of FortiGuard server update, web filtering, email filter, and antivirus query events.

    • Log FortiGuard Server Update Events: enable or disable
    • FortiGuard Web Filtering: Choose from Log URL disabled, Log non-URL events, and Log all URL lookups.
    • FortiGuard Anti-spam: Choose from Log Spam disabled, Log non-spam events, and Log all Spam lookups.
    • FortiGuard Anti-virus Query: Choose from Log Virus disabled, Log non-virus events, and Log all Virus lookups.

    To configure logging of FortiGuard web filtering and email filtering events, see Logging FortiGuard web or email filter events.

    Override FortiGuard server (Local FortiManager)

    Configure and enable alternate FortiManager FDS devices, rather than using the local FortiManager system. You can set up as many alternate FDS locations, and select what services are used. The following settings are available:

    Additional number of Private FortiGuard Servers (Excluding This One)

    Select the add icon to add a private FortiGuard server. Select the delete icon to remove entries.

    When adding a private server, you must type its IP address and time zone.

    Enable Antivirus and IPS Update Service for Private Server

    When one or more private FortiGuard servers are configured, update antivirus and IPS through this private server instead of using the default FDN.

    This option is available only when a private server has been configured.

    Enable Web Filter and Email Filter Update Service for Private Server

    When one or more private FortiGuard servers are configured, update the web filter and email filter through this private server instead of using the default FDN.

    This option is available only when a private server has been configured.

    Allow FortiGates to Access Public FortiGuard Servers When Private Servers Unavailable

    When one or more private FortiGuard servers are configured, managed FortiGate units will go to those private servers for FortiGuard updates. Enable this feature to allow those FortiGate units to then try to access the public FDN servers if the private servers are unreachable.

    This option is available only when a private server has been configured.

    The FortiManager system’s network interface settings can restrict which network interfaces provide FDN services. For more information, see Configuring network interfaces.
    Previous
    Next