FortiGate
mmishra_FTNT
Staff
Article Id 273741
Description

This article describes the configuration when both FortiGate-VM and FortiManager-VM have no internet access (air-gap).

FGT-VM (no internet access)----FMG-VM (no internet access).

 

Scope

FortiGate and FortiManager-VM and hardware devices running v7.2 firmware.

 

Solution

The configuration needed on FortiGate-VM and FortiManager (FMG) is as follows:

  1. Upload the FortiManager entitlement file on FortiManager-VM (contact the customer service team to get the entitlement file).

 

  2. Configure the settings below on FortiManager to allow FortiGate to query it while FortiManager remains offline.
  • Enable FortiGate Updates and Web Filtering on the port where FortiGate is connected, under System Settings -> Network -> (port where FortiGate is connected) -> Service Access.

[Screenshot: Settings on interface level]

  • Disable communication with the FortiGuard server using the toggle under FortiGuard -> Settings -> Enable Communication with FortiGuard Server, and enable Antivirus and IPS Service for the relevant FortiOS versions.

[Screenshot: Choose the FGT version]

  • Enable Webfilter Service and Email Filter Service as per the screenshot below:

[Screenshot: FMG_Settings_WF_Antispam.PNG]

  3. Download all available AV/IPS DB from support.fortinet.com under Support -> Service Updates.

[Screenshot: Select the appropriate firmware]

[Screenshot: Select the applicable platform]

  4. Upload the downloaded signature DB under FortiGuard -> Package Management -> Receive Status -> Import.

[Screenshot: Upload available signature DB and click OK]

  5. After the import is successful, the DB will be visible under FortiGuard -> Package Management -> Receive Status.

[Screenshot: After DB upload]

[Screenshot: Import complete]

[Screenshot: Before DB upload]

  6. Export Webfilter query, Antispam query, and GeoIP query DB from a FortiManager with a working Internet connection under FortiGuard -> Query Server Management -> Receive Status -> Export.

[Screenshot: Select the query DB required and click on Export]

  7. Upload these downloaded DBs to the offline FortiManager under FortiGuard -> Query Server Management -> Receive Status -> Import.

[Screenshot: Upload the Query DB and click on OK]

  8. Once the import is successful, the Query DB will be visible as shown in the screenshots:

[Screenshot: Import Complete]

[Screenshot: After successful Query DB upload]

[Screenshot: After successful Query DB upload]

[Screenshot: Before Query DB is Uploaded]

  9. Upload the FortiGate-VM license file under FortiGuard -> Settings -> Upload Options for FortiGate/FortiMail -> Service License.

[Screenshot: Load VM license file and click OK]

  10. Upload the FortiGate-VM entitlement license file (contact customer service for the entitlement file) under FortiGuard -> Settings -> Upload Options for FortiGate/FortiMail -> Service License.

[Screenshot: Get the file from the customer service team and click on OK after upload]

  11. Configure Central Management on FortiGate and authorize the device.

[Screenshot: Enable Central management and configure server list as FMG IP]
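
The FortiOS CLI equivalent of the central management step above, as an added example that is not part of the original article. 192.0.2.10 is a placeholder for the FortiManager IP, and disabling include-default-servers is an assumption that fits the air-gap case, where the FortiGate should never fall back to public FortiGuard servers.

```fortios
# Added example, not from the original article.
# 192.0.2.10 is a placeholder: replace it with the FortiManager IP.
# server-type "update rating" sends both package updates (AV/IPS) and
# rating queries (web filter, antispam) to the FortiManager.
# include-default-servers disable (assumption for air-gap) stops the
# FortiGate from falling back to public FortiGuard servers.
config system central-management
    set type fortimanager
    set fmg "192.0.2.10"
    config server-list
        edit 1
            set server-type update rating
            set server-address 192.0.2.10
        next
    end
    set include-default-servers disable
end

# Checks to run once the device has been authorized on FortiManager:
# trigger an update, list the installed AV/IPS package versions,
# then show which rating servers the FortiGate is using.
execute update-now
diagnose autoupdate versions
diagnose debug rating
```

In the output of diagnose debug rating, the server list should contain only the FortiManager address.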

 

Related Articles:

Technical Tip: Configure FortiManager as a local FDN server for FortiGates