Description
This article explains how to configure FortiGate to use FortiManager as local FDS server. FortiManager can be operated as a local FDS server when it is in a closed network with no Internet connectivity.
Scope
FortiGate.
The terminology used in this document:
FDS = Antivirus/IPS service.
Solution
This is only a CLI configuration:
config global <---- If VDOM is enabled, run this command.
config system central-management
set include-default-servers disable <----- Disable it.
end
This warning message will appear:
'Warning: The server-list does not contain a server for URL ratings. Add a server entry or enable 'include-default-servers'.
Note: The set include-default-servers should be enabled if FortiManager is not used as a local FDS server.
config system central-management
config server-list
edit 1
set server-type update
set addr-type ipv4
set server-address x.x.x.x <----- The FortiManager IP.
next
set fmg-update-port 443 <----- The update port.
end
To add override servers from FortiGate GUI: Go to System -> FortiGuard. Scroll down to the Override FortiGuard Servers section.
As provided in the screenshot below:
- In the table, select Create New. The Create New Override FortiGuard Server pane opens.
- Select the server address type: IPv4, IPv6, or FQDN, and enter the server address of the selected type in the Address field.
Choose the type of server: AntiVirus & IPS Updates, Filtering, or Both, and select Apply.
CLI output:
Related documents:
Operating as an FDS in a closed network
Override FortiGuard servers - FortiGate 6.2.16 cookbook
Technical Tip: Configure FortiManager as a local FDN server for FortiGates
