FortiGate
MS_TAM3_FTNT
Staff
Article Id 192136
Description
A new feature in FortiOS v5.0.0 GA is the enhancement of Global FortiGuard Server override.

The 'config system autoupdate override' command, which allowed a FortiGate unit to retrieve updates from a FortiManager, was removed in 5.0, and this function was added under 'config system central-management'.

Scope

FortiOS v5.0


Solution
To configure a FortiGate unit running FortiOS 5.0 to get AV/IPS service from FortiManager, do the following:

1. Log in to the FortiGate unit.
2. Go to System > Admin > Settings.
3. Enter the IP address for the FortiManager.
4. Select Send Request.

The FortiManager ID appears in the Trusted FortiManager table, and the FortiGate unit can now be managed by the FortiManager unit once it has been added to the Device Manager.

As an additional security measure, select Registration Password and enter a password to connect to the FortiManager in an upcoming FortiManager release.

To configure the FortiGate unit - CLI:
config system central-management
set fmg <ip_address>
end
To use the registration password in an upcoming FortiManager release enter:
execute central-mgmt register-device <fmg-serial-no> <fmg-register-password> <fgt-usrname> <fgt-password>
For example:
# config system central-management
(central-management) # get
mode : normal
type : fortimanager
schedule-config-restore: enable
schedule-script-restore: enable
allow-push-configuration: enable
allow-push-firmware: enable
allow-remote-firmware-upgrade: enable
allow-monitor : enable
fortimanager-fds-override: enable -------------> enable FMG override
serial-number : "xxxxxxxxx"
fmg : xx.xx.xx.xx
fmg-source-ip : 0.0.0.0
vdom : root
enc-algorithm : default

In v5.0, when fortimanager-fds-override is enabled, the default port is 8890, so there is no need to specify the port option.
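To check saved 'get' output from several units for the settings this article relies on, the following added example (not Fortinet code) parses the 'key : value' format shown above and reports deviations. The expected values in REQUIRED and the treatment of 0.0.0.0 as "unset" are assumptions, and the sample output is constructed.

```python
import re

# Constructed sample: 'get' output in the format shown above (placeholder values).
SAMPLE_GET_OUTPUT = """\
(central-management) # get
mode : normal
type : fortimanager
allow-monitor : enable
fortimanager-fds-override: disable
serial-number : "xxxxxxxxx"
fmg : 0.0.0.0
fmg-source-ip : 0.0.0.0
vdom : root
"""

# Assumed expectations for a unit that should pull AV/IPS updates from FortiManager.
REQUIRED = {"type": "fortimanager", "fortimanager-fds-override": "enable"}

LINE_RE = re.compile(r"^\s*([a-z][a-z0-9-]*)\s*:\s*(.*)$")


def parse_get_output(text):
    """Parse 'key : value' lines into a dict, dropping quotes and '---->' notes."""
    settings = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # CLI prompts and blank lines carry no setting
        key, value = match.groups()
        value = re.split(r"\s+-{2,}>", value)[0]  # strip a trailing annotation
        settings[key] = value.strip().strip('"')
    return settings


def audit(settings):
    """Return a list of findings; an empty list means the unit matches REQUIRED."""
    findings = []
    for key, expected in REQUIRED.items():
        actual = settings.get(key)
        if actual != expected:
            findings.append(f"{key} is {actual!r}, expected {expected!r}")
    # Assumption: an empty value or 0.0.0.0 means no FortiManager address is set.
    if settings.get("fmg", "") in ("", "0.0.0.0"):
        findings.append("fmg address is not set")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_get_output(SAMPLE_GET_OUTPUT)):
        print("FINDING:", finding)
```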
