Local FortiGuard Distribution Server enhancements 7.0.1

The FortiGuard module includes several enhancements when FortiManager is used as a dedicated FortiGuard Distribution Server (FDS):

FortiDeceptor and FortiTester

You can now use FortiManager as a local FDS for FortiDeceptor and FortiTester. Go to FortiGuard > Settings to view the FortiDeceptor and FortiTester options.

You can also configure downloads for FortiDeceptor and FortiTester by using the CLI:

config fmupdate fds-setting
    set system-support-fdc 3.x <---- new
    set system-support-fgt 6.4 7.0
    set system-support-fml 6.4
    set system-support-fsa 4.x 3.0 3.1 3.2 <---- version 4.0 is new
    set system-support-fts 4.x <---- new
end

Download prioritization

When FortiManager is acting as a local FDS, you can prioritize downloads from FortiGuard to FortiManager by product and version, by package, or both. This is useful when you have limited network access.

Before you can specify a priority list, you must enable products and versions for prioritization.

To enable products and versions for prioritization:
  1. Go to FortiGuard > Settings.
  2. Under Enable AntiVirus and IPS Service, select the versions for each product, and click Apply.

To enable product download prioritization:
  1. Go to FortiGuard > Download Prioritization, and toggle Enable by Product to ON.

  2. Add products to the priority list:
    1. In the toolbar, click Create New.

      The Create Download Prioritization dialog box is displayed.

    2. Beside Products, click the box, select one or more products and versions, and click OK.

      The selected products are displayed in the product list.

    3. Click OK.

      The products are displayed in the priority list.

  3. Specify the download priority for products:
    1. Select one or more products, and click Move To.

      The Move To dialog box is displayed.

    2. Beside To #, select Before or After, and click the box to use the up and down arrows to position the selected products in the priority list.
    3. Click OK.

      The products are moved, and the updated priority list is displayed.

      You can remove products from the priority list. Select one or more products, and click Delete.

  4. (Optional) Add packages to the priority list.

To enable package download prioritization:
  1. Go to FortiGuard > Download Prioritization, and toggle Enable by Package to ON.
  2. Add packages to the priority list:
    1. In the toolbar, click Create New.

      The Create Download Prioritization dialog box is displayed.

    2. Beside Packages, click the box, select one or more packages, and click OK.

      The selected packages are displayed in the packages list.

    3. Click OK.

      The packages are displayed in the priority list.

  3. Specify the download priority for the packages:
    1. Select one or more packages, and click Move To.

      The Move To dialog box is displayed.

    2. Beside To #, select Before or After, and click the box to use the up and down arrows to position the selected packages in the priority list.
    3. Click OK.

      The packages are moved, and the updated priority list is displayed.

      You can remove packages from the priority list. Select one or more packages, and click Delete.

  4. (Optional) Add products and versions to the priority list.

IoT packages

The FortiGuard module now supports the download of packages for the Internet of Things (IoT) service. The following is a summary of how FortiManager handles IoT packages:

  1. FortiManager downloads packages from FortiGuard.
  2. FortiManager merges the downloaded packages into the Run Database.
  3. FortiManager provides the query service.

Note: Downloads of IoT packages from FortiGuard to FortiManager are currently supported only when Anycast is enabled on FortiManager.

The following new options have been added to the diagnose command:

diagnose fmupdate fgd-dbver [wf|as1|as2|as4|av-query|fq|av2|geoip|iots|iotr|iotm]

diagnose fmupdate fgd-del-db [wf|as|av-query|file-query|av2|iot]

Use the diagnose fmupdate fgd-dbver command to view the following databases for IoT packages:

  • iots: IoT single MAC database

    object ID: 00000000IOTS0000

    Contains IoT information with one entry per single MAC address. It is considered a delta object because each version contains only part of the data, and FortiManager merges all valid data, in the same way as for the URL query service.

  • iotr: IoT range MAC database

    object ID: 00000000IOTR0000

    Contains IoT information with one entry per MAC address range. It is considered a regular object, and FortiManager uses only the latest version.

  • iotm: IoT mapping database

    object ID: 00000000IOTR0000

    A regular object used to map the information data to strings in tag-length-value (TLV) format.

To configure IoT package download:
  1. Enable Anycast on FortiManager:

    config fmupdate fds-setting
        set fortiguard-anycast enable
    end

  2. Enable download of IoT packages:

    config fmupdate service
        set query-iot enable
    end

  3. Configure downloading of IoT packages:

    config fmupdate web-spam fgd-setting
        set iot-log nofilequery
        set iot-preload enable
        set restrict-iots-dbver <string>
    end
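
A check for the three-step procedure above, as an added example that is not part of the Fortinet documentation: it parses saved CLI configuration text and reports which IoT settings are missing, including the case where query-iot is enabled without Anycast. The sample input is constructed, and the disable value and the flat config/set/end layout are assumptions.

```python
# Settings the IoT procedure on this page sets, keyed by (config path, option).
REQUIRED = {
    ("fmupdate fds-setting", "fortiguard-anycast"): "enable",
    ("fmupdate service", "query-iot"): "enable",
    ("fmupdate web-spam fgd-setting", "iot-preload"): "enable",
}

def parse_config(text):
    """Parse flat 'config <path> / set <option> <value> / end' blocks."""
    settings, path = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            path = line[len("config "):].strip()
        elif line == "end":
            path = None
        elif line.startswith("set ") and path is not None:
            _, option, *value = line.split(None, 2)
            settings[(path, option)] = value[0] if value else ""
    return settings

def audit_iot(text):
    """Return findings; an empty list means all three steps are in place."""
    settings = parse_config(text)
    findings = []
    for (path, option), want in REQUIRED.items():
        got = settings.get((path, option), "unset")
        if got != want:
            findings.append(f"{path}: {option} is {got}, expected {want}")
    anycast = settings.get(("fmupdate fds-setting", "fortiguard-anycast"))
    if settings.get(("fmupdate service", "query-iot")) == "enable" and anycast != "enable":
        # Per the page's note, IoT downloads are supported only with Anycast.
        findings.append("query-iot is enabled without Anycast: IoT download unsupported")
    return findings

# Constructed sample input (not captured from a real device).
SAMPLE = """
config fmupdate fds-setting
    set fortiguard-anycast disable
end
config fmupdate service
    set query-iot enable
end
config fmupdate web-spam fgd-setting
    set iot-log nofilequery
    set iot-preload enable
end
"""

if __name__ == "__main__":
    print("\n".join(audit_iot(SAMPLE)) or "IoT download prerequisites met")
```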
