Description
A new feature in FortiOS v5.0.0 GA is the enhancement of Global FortiGuard Server override.
The 'config system autoupdate override' command, which allowed a FortiGate unit to retrieve updates from a FortiManager, was removed in 5.0, and this function was added under system | central management.
Scope
FortiOS v.5.0
Solution
To configure a FortiGate unit running FortiOS 5.0 to get AV/IPS service from a FortiManager, do the following:
1. Log in to the FortiGate unit.
2. Go to System > Admin > Settings.
3. Enter the IP address for the FortiManager.
4. Select Send Request.
The FortiManager ID appears in the Trusted FortiManager table, and the FortiGate unit can now be managed by the FortiManager unit once it has been added to the Device Manager.
As an additional security measure, select Registration Password and enter a password. This password will be used to connect to the FortiManager in an upcoming FortiManager release.
To configure the FortiGate unit - CLI:
    config system central-management
        set fmg <ip_address>
    end
To use the registration password in an upcoming FortiManager release enter:
    execute central-mgmt register-device <fmg-serial-no> <fmg-register-password> <fgt-usrname> <fgt-password>
For example:
    # config system central-management
    (central-management) # get
    mode                : normal
    type                : fortimanager
    schedule-config-restore: enable
    schedule-script-restore: enable
    allow-push-configuration: enable
    allow-pushd-firmware: enable
    allow-remote-firmware-upgrade: enable
    allow-monitor       : enable
    fortimanager-fds-override: enable   -------------> enable FMG override
    serial-number       : "xxxxxxxxx"
    fmg                 : xx.xx.xx.xx
    fmg-source-ip       : 0.0.0.0
    vdom                : root
    enc-algorithm       : default
In v5.0, when fortimanager-fds-override is enabled the default port will be port 8890, so there is no need to specify the port option.
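The following added example (not Fortinet code) shows one way to audit saved 'get' output from 'config system central-management' and confirm that updates are overridden to the FortiManager you expect. The function names, the sample output and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the shape of the 'get' output above (placeholder values).
SAMPLE_GET = """\
# config system central-management
(central-management) # get
mode                : normal
type                : fortimanager
fortimanager-fds-override: disable
serial-number       : "FMG-PLACEHOLDER"
fmg                 : 192.0.2.10
fmg-source-ip       : 0.0.0.0
vdom                : root
enc-algorithm       : default
"""

def parse_get(text):
    """Parse 'key : value' lines of FortiOS 'get' output into a dict."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][\w-]*)\s*:\s*(.*)$", line)
        if not m:
            continue  # CLI prompts and blank lines carry no setting
        value = re.split(r"\s+-{2,}>", m.group(2))[0]  # drop '----> note' annotations
        settings[m.group(1)] = value.strip().strip('"')
    return settings

def audit_fds_override(text, expected_fmg):
    """Return findings; an empty list means updates point at expected_fmg."""
    s = parse_get(text)
    findings = []
    if s.get("type") != "fortimanager":
        findings.append("type is not fortimanager")
    if s.get("fortimanager-fds-override") != "enable":
        findings.append("fortimanager-fds-override is not enabled")
    try:
        fmg = ipaddress.ip_address(s.get("fmg", ""))
    except ValueError:
        findings.append("fmg is missing or not an IP address")
    else:
        if fmg != ipaddress.ip_address(expected_fmg):
            findings.append(f"fmg {fmg} differs from expected {expected_fmg}")
    return findings

if __name__ == "__main__":
    for finding in audit_fds_override(SAMPLE_GET, "192.0.2.10"):
        print("FINDING:", finding)
```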