You can enable download of packages for the Internet of Things (IoT) service by using the CLI. Following is a summary of how FortiManager handles the IoT packages:
- FortiManager downloads packages from FortiGuard.
- FortiManager merges the downloaded packages into the Run Database.
- FortiManager provides the query service.
Downloads of IoT packages from FortiGuard to FortiManager are currently supported only when Anycast is enabled on FortiManager.
Several databases are used for IoT packages. Use the diagnose fmupdate fgd-dbver command to view the following databases for IoT packages:
- iots: IoT single MAC database
  Contains IoT information with an entry for a single MAC address. Considered a delta object because each version contains only parts of the data, and FortiManager merges all valid data, which is the same behavior as the URL query service.
- iotr: IoT range MAC database
  Contains IoT information with an entry for a MAC address range. Considered a regular object, and FortiManager uses only the latest version.
- iotm: IoT mapping database
  Regular object used to map the information data to strings in tag-length-value (TLV) format.
To configure IoT package download:
- Enable Anycast on FortiManager:
    config fmupdate fds-setting
        set fortiguard-anycast enable
    end
- Enable download of IoT packages:
    config fmupdate service
        set query-iot enable
    end
- Configure downloading of IoT packages:
    config fmupdate web-spam fgd-setting
        set iot-log nofilequery
        set iot-preload enable
        set restrict-iots-dbver <string>
    end