Created on 07-12-2023 08:12 AM Edited on 02-13-2024 06:21 AM By Anthony_E
Description |
This article describes how to configure FortiAnalyzer without direct Internet access to receive GeoIP City DB updates from the FortiGuard server. GeoIP City level database is required by the map view option in FortiAnalyzer FortiView (e.g. Threat Map or SSL and Dialup IPsec) to lookup city name and coordinates for client IP address. |
Solution |
Section 1: FortiAnalyzer web proxy configuration.
config system web-proxy
2. Configure the web proxy to access FortiGuard server fds1.fortinet.com and update.fortiguard.net to receive GeoIP Country-level DB updates. It is also used for FortiAnalyzer registration to FortiCloud. This option does not need to be configured in FortiAnalyzer v7.4.1 onwards.
config fmupdate av-ips web-proxy
3. Configure the web proxy to access FortiGuard servers fqsvr.fortinet.net and gip.fortinet.net to receive GeoIP City level DB updates. This option does not need to be configured in FortiAnalyzer v7.4.1 onwards:
config fmupdate web-spam web-proxy
Section 2: Verification via CLI. Once the above web proxy configuration is applied, it might take a couple to 20 minutes to populate FDS server IP addresses from FortiGuard and download the latest GeoIP Country and City level packages.
The following CLI commands can be used to verify the current status of FortiAnalyzer:
diag system geoip info
diag system geoip ip 4.2.2.2
2. GeoIP City level DB:
diag system geoip-city info
diag system geoip-city ip 4.2.2.2
Section 3: Verification via GUI:
2. VPN -> SSL & Dialup IPsec (Map view):
|