Fortinet white logo
Fortinet white logo

Administration Guide

IoT packages

IoT packages

You can enable download of packages for the Internet of Things (IoT) service by using the CLI. Following is a summary of how FortiManager handles the IoT packages:

  1. FortiManager downloads packages from FortiGuard.
  2. FortiManager merges the downloaded packages into Run Database.
  3. FortiManager provides the query service.
Note

Downloads of IoT packages from FortiGuard to FortiManager are currently supported only when Anycast is enabled on FortiManager.

Note

In FortiManager 7.4.1 and later, the IoT query services must be enabled separately using the FortiManager CLI.

See Enabling IoT query services.

Several databases are used for IoT packages. Use the diagnose fmupdate fgd-dbver command to view the following databases for IoT packages:

  • iots: IoT single MAC database

    object ID: 00000000IOTS0000

    Contains IoT info with entry of a single MAC. Considered a delta object because each version contains parts of data, and FortiManager merges all valid data, which is the same as the URL query service.

  • iotr: IoT range MAC database

    object ID: 00000000IOTR0000

    Contains IoT info with entry of a MAC range. Considered a regular object, and FortiManager uses only the latest version.

  • iotm: IoT mapping database

    object ID: 00000000IOTR0000

    Regular object used to map the info data to strings in tag-length-value (TLV) format.

To configure IoT package download:
  1. Enable Anycast on FortiManager:

    config fmupdate fds-setting

    set fortiguard-anycast enable

    end

  2. Enable the IoT query service:

    config fmupdate service

    set query-iot enable

    end

  3. Configure downloading of IoT packages:

    config fmupdate web-spam fgd-setting

    set iot-log nofilequery

    set iot-preload enable

    set restrict-iots-dbver <string>

    end

IoT packages

IoT packages

You can enable download of packages for the Internet of Things (IoT) service by using the CLI. Following is a summary of how FortiManager handles the IoT packages:

  1. FortiManager downloads packages from FortiGuard.
  2. FortiManager merges the downloaded packages into Run Database.
  3. FortiManager provides the query service.
Note

Downloads of IoT packages from FortiGuard to FortiManager are currently supported only when Anycast is enabled on FortiManager.

Note

In FortiManager 7.4.1 and later, the IoT query services must be enabled separately using the FortiManager CLI.

See Enabling IoT query services.

Several databases are used for IoT packages. Use the diagnose fmupdate fgd-dbver command to view the following databases for IoT packages:

  • iots: IoT single MAC database

    object ID: 00000000IOTS0000

    Contains IoT info with entry of a single MAC. Considered a delta object because each version contains parts of data, and FortiManager merges all valid data, which is the same as the URL query service.

  • iotr: IoT range MAC database

    object ID: 00000000IOTR0000

    Contains IoT info with entry of a MAC range. Considered a regular object, and FortiManager uses only the latest version.

  • iotm: IoT mapping database

    object ID: 00000000IOTR0000

    Regular object used to map the info data to strings in tag-length-value (TLV) format.

To configure IoT package download:
  1. Enable Anycast on FortiManager:

    config fmupdate fds-setting

    set fortiguard-anycast enable

    end

  2. Enable the IoT query service:

    config fmupdate service

    set query-iot enable

    end

  3. Configure downloading of IoT packages:

    config fmupdate web-spam fgd-setting

    set iot-log nofilequery

    set iot-preload enable

    set restrict-iots-dbver <string>

    end