Skip to main content
kmak
Staff
kmak
Staff
January 3, 2025

Technical Tip: How to configure FortiWeb to validate its license and update FortiGuard services through FortiManager

  • January 3, 2025
  • 0 replies
  • 502 views
Description This article describes the steps to configure FortiWeb to validate its license and update FortiGuard services through FortiManager.
Scope FortiWeb.
Solution

Prerequisite:

  • FortiManager enabled the built-in FDS.
  • FortiWeb models and firmware versions are in the supported list of the FortiManager release notes.
  • FortiWeb can send requests to FortiManager TCP port 8890.

 

FortiWeb must have reachability access to the Fortinet Distribution Network (FDN) to validate its licenses and to update the FortiGuard services packages. If FortiWeb is deployed in a closed network with no Internet services allowed for the FortiWeb, it can be configured to validate the license and download the FortiGuard services package updates from the FortiManager.

 

  1. In FortiWeb, enable the Override default FortiGuard address so that FortiWeb will be connecting to the configured IP/FQDN for FortiGuard services update. The setting can be configured through GUI or CLI. Insert the FortiManager IP and port 8890 in the FortiGuard address box.
    TCP port 8890 is the port to which the FortiManager built-in FDS feature listens. Defining the port will cause the FortiWeb to connect using the default HTTPS port 443 and FortiWeb will likely fail to connect.

  • Configure override FortiGuard address through GUI.

 

kmak_0-1735878147679.jpeg

 

  • Configure override FortiGuard address through CLI.

 

config system autoupdate override

    set status enable

    set address <fortimanager_ip>:8890

    set fail-over disable

end

 

kmak_1-1735878147681.jpeg

 

  1. Run the manual update in FortiWeb with debug enabled. The ‘fds’ and ‘updated’ daemon debug will show that the FortiWeb is connecting to the FortiManager IP and port 8890 for the update connection.

    kmak_2-1735878147691.jpeg

     

  2. Log into the FortiManager and the FortiWeb serial number shall be shown in the Device and Groups list under the Unauthorized Devices. Select the FortiWeb device and authorize the device from the list.
                                                           

    kmak_3-1735878147695.jpeg

     

  3. In the FortiManager, navigate to the FortiWeb ADOM (if ADOM is enabled). Check the FortiWeb device license status under the FortiGuard -> Device Licenses page. Hover the mouse cursor to the Service Status to check the available update status. Run the manual update in FortiWeb if necessary to download the latest service packages through the FortiManager.

 

kmak_4-1735878147698.jpeg


Related document:

Connecting to FortiGuard services
Terms & ConditionsAccessibility statement