config system fortiguard
Configure FortiGuard services.
config system fortiguard Description: Configure FortiGuard services. set fortiguard-anycast [enable|disable] set fortiguard-anycast-source [fortinet|aws|...] set protocol [udp|http|...] set port [8888|53|...] set load-balance-servers {integer} set auto-join-forticloud [enable|disable] set update-server-location [automatic|usa|...] set sandbox-region {string} set sandbox-inline-scan [enable|disable] set update-ffdb [enable|disable] set update-uwdb [enable|disable] set update-dldb [enable|disable] set update-extdb [enable|disable] set update-build-proxy [enable|disable] set persistent-connection [enable|disable] set vdom {string} set auto-firmware-upgrade [enable|disable] set auto-firmware-upgrade-day {option1}, {option2}, ... set auto-firmware-upgrade-delay {integer} set auto-firmware-upgrade-start-hour {integer} set auto-firmware-upgrade-end-hour {integer} set FDS-license-expiring-days {integer} set antispam-force-off [enable|disable] set antispam-cache [enable|disable] set antispam-cache-ttl {integer} set antispam-cache-mpermille {integer} set antispam-license {integer} set antispam-expiration {integer} set antispam-timeout {integer} set outbreak-prevention-force-off [enable|disable] set outbreak-prevention-cache [enable|disable] set outbreak-prevention-cache-ttl {integer} set outbreak-prevention-cache-mpermille {integer} set outbreak-prevention-license {integer} set outbreak-prevention-expiration {integer} set outbreak-prevention-timeout {integer} set fnbi-license {integer} set fnbi-expiration {integer} set webfilter-force-off [enable|disable] set webfilter-cache [enable|disable] set webfilter-cache-ttl {integer} set webfilter-license {integer} set webfilter-expiration {integer} set webfilter-timeout {integer} set sdns-server-ip {user} set sdns-server-port {integer} set anycast-sdns-server-ip {ipv4-address} set anycast-sdns-server-port {integer} set sdns-options {option1}, {option2}, ... set source-ip {ipv4-address} set source-ip6 {ipv6-address} set proxy-server-ip {string} set proxy-server-port {integer} set proxy-username {string} set proxy-password {password} set ddns-server-ip {ipv4-address} set ddns-server-ip6 {ipv6-address} set ddns-server-port {integer} set interface-select-method [auto|specify] set interface {string} end
config system fortiguard
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
fortiguard-anycast |
Enable/disable use of FortiGuard's Anycast network. |
option |
- |
enable |
||||||||||||||||
|
|
|||||||||||||||||||
fortiguard-anycast-source |
Configure which of Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network. Default is Fortinet. |
option |
- |
fortinet |
||||||||||||||||
|
|
|||||||||||||||||||
protocol |
Protocol used to communicate with the FortiGuard servers. |
option |
- |
https |
||||||||||||||||
|
|
|||||||||||||||||||
port |
Port used to communicate with the FortiGuard servers. |
option |
- |
443 |
||||||||||||||||
|
|
|||||||||||||||||||
load-balance-servers |
Number of servers to alternate between as first FortiGuard option. |
integer |
Minimum value: 1 Maximum value: 266 |
1 |
||||||||||||||||
auto-join-forticloud |
Automatically connect to and login to FortiCloud. |
option |
- |
disable |
||||||||||||||||
|
|
|||||||||||||||||||
update-server-location |
Location from which to receive FortiGuard updates. |
option |
- |
automatic |
||||||||||||||||
|
|
|||||||||||||||||||
sandbox-region |
FortiCloud Sandbox region. |
string |
Maximum length: 63 |
|
||||||||||||||||
sandbox-inline-scan |
Enable/disable FortiCloud Sandbox inline-scan. |
option |
- |
disable |
||||||||||||||||
|
|
|||||||||||||||||||
update-ffdb |
Enable/disable Internet Service Database update. |
option |
- |
enable |
||||||||||||||||
|
|
|||||||||||||||||||
update-uwdb |
Enable/disable allowlist update. |
option |
- |
enable |
||||||||||||||||
|
|
|||||||||||||||||||
update-dldb |
Enable/disable DLP signature update. |
option |
- |
enable |
||||||||||||||||
|
|
|||||||||||||||||||
update-extdb |
Enable/disable external resource update. |
option |
- |
enable |
||||||||||||||||
|
|
|||||||||||||||||||
update-build-proxy |
Enable/disable proxy dictionary rebuild. |
option |
- |
enable |
||||||||||||||||
|
|
|||||||||||||||||||
persistent-connection |
Enable/disable use of persistent connection to receive update notification from FortiGuard. |
option |
- |
disable |
||||||||||||||||
|
|
|||||||||||||||||||
vdom |
FortiGuard Service virtual domain name. |
string |
Maximum length: 31 |
|
||||||||||||||||
auto-firmware-upgrade |
Enable/disable automatic patch-level firmware upgrade from FortiGuard. The FortiGate unit searches for new patches only in the same major and minor version. |
option |
- |
disable |
||||||||||||||||
|
|
|||||||||||||||||||
auto-firmware-upgrade-day |
Allowed day. Disallow any day of the week to use auto-firmware-upgrade-delay instead, which waits for designated days before installing an automatic patch-level firmware upgrade. |
option |
- |
|
||||||||||||||||
|
|
|||||||||||||||||||
auto-firmware-upgrade-delay |
Delay of day of the week for installing an automatic patch-level firmware upgrade. |
integer |
Minimum value: 0 Maximum value: 14 |
3 |
||||||||||||||||
auto-firmware-upgrade-start-hour |
Start time in the designated time window for automatic patch-level firmware upgrade from FortiGuard in 24 hour time. The actual upgrade time is selected randomly within the time window. |
integer |
Minimum value: 0 Maximum value: 23 |
1 |
||||||||||||||||
auto-firmware-upgrade-end-hour |
End time in the designated time window for automatic patch-level firmware upgrade from FortiGuard in 24 hour time. When the end time is smaller than the start time, the end time is interpreted as the next day. The actual upgrade time is selected randomly within the time window. |
integer |
Minimum value: 0 Maximum value: 23 |
4 |
||||||||||||||||
FDS-license-expiring-days |
Threshold for number of days before FortiGuard license expiration to generate license expiring event log. |
integer |
Minimum value: 1 Maximum value: 100 |
15 |
||||||||||||||||
antispam-force-off |
Enable/disable turning off the FortiGuard antispam service. |
option |
- |
disable |
||||||||||||||||
|
|
|||||||||||||||||||
antispam-cache |
Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance. |
option |
- |
enable |
||||||||||||||||
|
|
|||||||||||||||||||
antispam-cache-ttl |
Time-to-live for antispam cache entries in seconds. Lower times reduce the cache size. Higher times may improve performance since the cache will have more entries. |
integer |
Minimum value: 300 Maximum value: 86400 |
1800 |
||||||||||||||||
antispam-cache-mpermille |
Maximum permille of FortiProxy memory the antispam cache is allowed to use. |
integer |
Minimum value: 1 Maximum value: 150 |
1 |
||||||||||||||||
antispam-license |
Interval of time between license checks for the FortiGuard antispam contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
4294967295 |
||||||||||||||||
antispam-expiration |
Expiration date of the FortiGuard antispam contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||
antispam-timeout |
Antispam query time out. |
integer |
Minimum value: 1 Maximum value: 30 |
7 |
||||||||||||||||
outbreak-prevention-force-off |
Turn off FortiGuard Virus Outbreak Prevention service. |
option |
- |
disable |
||||||||||||||||
|
|
|||||||||||||||||||
outbreak-prevention-cache |
Enable/disable FortiGuard Virus Outbreak Prevention cache. |
option |
- |
enable |
||||||||||||||||
|
|
|||||||||||||||||||
outbreak-prevention-cache-ttl |
Time-to-live for FortiGuard Virus Outbreak Prevention cache entries. |
integer |
Minimum value: 300 Maximum value: 86400 |
300 |
||||||||||||||||
outbreak-prevention-cache-mpermille |
Maximum permille of memory FortiGuard Virus Outbreak Prevention cache can use. |
integer |
Minimum value: 1 Maximum value: 150 |
1 |
||||||||||||||||
outbreak-prevention-license |
Interval of time between license checks for FortiGuard Virus Outbreak Prevention contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
4294967295 |
||||||||||||||||
outbreak-prevention-expiration |
Expiration date of FortiGuard Virus Outbreak Prevention contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||
outbreak-prevention-timeout |
FortiGuard Virus Outbreak Prevention time out. |
integer |
Minimum value: 1 Maximum value: 30 |
7 |
||||||||||||||||
fnbi-license |
License type. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||
fnbi-expiration |
License expiration. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||
webfilter-force-off |
Enable/disable turning off the FortiGuard web filtering service. |
option |
- |
disable |
||||||||||||||||
|
|
|||||||||||||||||||
webfilter-cache |
Enable/disable FortiGuard web filter caching. |
option |
- |
enable |
||||||||||||||||
|
|
|||||||||||||||||||
webfilter-cache-ttl |
Time-to-live for web filter cache entries in seconds. |
integer |
Minimum value: 300 Maximum value: 86400 |
3600 |
||||||||||||||||
webfilter-license |
Interval of time between license checks for the FortiGuard web filter contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
4294967295 |
||||||||||||||||
webfilter-expiration |
Expiration date of the FortiGuard web filter contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||
webfilter-timeout |
Web filter query time out. |
integer |
Minimum value: 1 Maximum value: 30 |
15 |
||||||||||||||||
sdns-server-ip |
IP address of the FortiGuard DNS rating server. |
user |
Not Specified |
|
||||||||||||||||
sdns-server-port |
Port to connect to on the FortiGuard DNS rating server. |
integer |
Minimum value: 1 Maximum value: 65535 |
53 |
||||||||||||||||
anycast-sdns-server-ip |
IP address of the FortiGuard anycast DNS rating server. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||||||||||
anycast-sdns-server-port |
Port to connect to on the FortiGuard anycast DNS rating server. |
integer |
Minimum value: 1 Maximum value: 65535 |
853 |
||||||||||||||||
sdns-options |
Customization options for the FortiGuard DNS service. |
option |
- |
|
||||||||||||||||
|
|
|||||||||||||||||||
source-ip |
Source IPv4 address used to communicate with FortiGuard. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||||||||||
source-ip6 |
Source IPv6 address used to communicate with FortiGuard. |
ipv6-address |
Not Specified |
:: |
||||||||||||||||
proxy-server-ip |
Hostname or IPv4 address of the proxy server. |
string |
Maximum length: 63 |
|
||||||||||||||||
proxy-server-port |
Port used to communicate with the proxy server. |
integer |
Minimum value: 0 Maximum value: 65535 |
0 |
||||||||||||||||
proxy-username |
Proxy user name. |
string |
Maximum length: 64 |
|
||||||||||||||||
proxy-password |
Proxy user password. |
password |
Not Specified |
|
||||||||||||||||
ddns-server-ip |
IP address of the FortiDDNS server. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||||||||||
ddns-server-ip6 |
IPv6 address of the FortiDDNS server. |
ipv6-address |
Not Specified |
:: |
||||||||||||||||
ddns-server-port |
Port used to communicate with FortiDDNS servers. |
integer |
Minimum value: 1 Maximum value: 65535 |
443 |
||||||||||||||||
interface-select-method |
Specify how to select outgoing interface to reach server. |
option |
- |
auto |
||||||||||||||||
|
|
|||||||||||||||||||
interface |
Specify outgoing interface to reach server. |
string |
Maximum length: 15 |
|