Technical Note: How to override DNS for FortiGuard and use FortiManager
Description
This article explains how to override DNS lookups for FortiGuard in FortiOS so that they are performed via a FortiManager.
Scope
FortiOS v4.0 and above.
Solution
By default in FortiOS, DNS lookups for FortiGuard are performed via the FortiGate. A service-override option is available that allows these DNS lookups to be performed by a FortiManager instead.
To configure this, connect to the CLI of the FortiGate and perform the following:
1. Enable the service-override for FortiGuard Services.
config system fortiguard
set hostname "service.fortiguard.net"
set srv-ovrd enable
2. Once the service-override has been enabled, an override server list menu becomes available. Create a server entry and enter the IP of the FortiManager device.
config srv-ovrd-list
edit <index_int>
set addr-type {ipv6 | ipv4}
set ip <ovrd_ipv4> => IP address of FortiManager
set ip6 <ovrd_ipv6>
next
end
end
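The following is an added example, not part of the original article or Fortinet code: a small Python check that a saved configuration has the FortiGuard service-override enabled and lists only the intended FortiManager address. It assumes the backup stores these settings as the same config/set/edit/next/end lines shown above; the sample text, the documentation address 192.0.2.10 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: excerpt in the style of a FortiGate configuration backup.
SAMPLE_CONFIG = """\
config system fortiguard
    set srv-ovrd enable
    config srv-ovrd-list
        edit 1
            set addr-type ipv4
            set ip 192.0.2.10
        next
    end
end
"""

def parse_fortiguard_override(text):
    """Return (srv_ovrd_enabled, [override addresses]) from config text."""
    stack = []  # names of the "config ..." blocks currently open
    enabled, servers = False, []
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
        elif words[0] == "end" and stack:
            stack.pop()
        elif words[0] == "set" and len(words) >= 3:
            key, value = words[1], words[2].strip('"')
            if stack == ["system fortiguard"] and key == "srv-ovrd":
                enabled = value == "enable"
            elif stack == ["system fortiguard", "srv-ovrd-list"] and key in ("ip", "ip6"):
                servers.append(ipaddress.ip_address(value))
    return enabled, servers

def audit(text, expected_fmg):
    """List findings; an empty list means the override matches expectations."""
    enabled, servers = parse_fortiguard_override(text)
    expected = ipaddress.ip_address(expected_fmg)
    findings = []
    if not enabled:
        findings.append("srv-ovrd is not enabled")
    if expected not in servers:
        findings.append(f"{expected} missing from srv-ovrd-list")
    findings += [f"unexpected override server {s}" for s in servers if s != expected]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "192.0.2.10") or "override matches expected FortiManager")
```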