Renante_Era
Staff
Article Id 351578
Description
This article describes the process of allowing air-gapped FortiGate devices to connect to FortiManager for FortiGuard updates and related FDN services.
Scope
FortiGate, FortiManager.
Solution

Air-gapped FortiGates are generally not permitted to connect to the internet. However, they still need to reach an FDN server for FortiGuard updates, license and subscription validation, etc. FortiManager can provide these services to them in place of the public FDN.

  1. Connect FortiGate to FortiManager, and authorize the device in FortiManager.

    config system central-management
        set type fortimanager
        set fmg <FortiManager IP Address>
        config server-list
            edit 1
                set server-type update rating
                set server-address <FortiManager IP address>
            next
        end
    end


  2. Confirm that FortiGate is able to connect to FortiManager using the following commands:

    diagnose debug reset
    diagnose debug application update -1
    diagnose debug enable
    execute update-now

Disable the debug after 5 minutes:

    diagnose debug reset


Note: In some cases, FortiGate might encounter an FDN connection issue after several hours due to FortiManager undoing the configuration changes.
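One way to catch the reverted configuration described in the note, as an added example (not Fortinet's code): it parses saved FortiGate configuration text and reports whether the `central-management` block from step 1 still sends the update and rating services to FortiManager. The function names, the sample text and the address 192.0.2.10 are constructed, and the input is assumed to be `show full-configuration system central-management` output so that default values such as `set type` are present.

```python
# Constructed sample ("show full-configuration" form); 192.0.2.10 is a placeholder.
SAMPLE = """\
config system central-management
    set type fortimanager
    set fmg "192.0.2.10"
    config server-list
        edit 1
            set server-type update rating
            set server-address 192.0.2.10
        next
    end
end
"""

def parse_central_management(text):
    """Return (top-level settings, server-list entries) from the block."""
    top, servers, stack = {}, [], []
    for raw in text.splitlines():
        words = raw.replace('"', "").split() or [""]
        if words[0] == "config":
            if stack or words[1:] == ["system", "central-management"]:
                stack.append(words[-1])
        elif words[0] == "end" and stack:
            stack.pop()
        elif words[0] == "edit" and stack[-1:] == ["server-list"]:
            servers.append({})
        elif words[0] == "set" and len(words) >= 3:
            if len(stack) == 1:
                top[words[1]] = words[2:]
            elif stack[-1:] == ["server-list"] and servers:
                servers[-1][words[1]] = words[2:]
    return top, servers

def check_fdn_override(text, fmg_ip):
    """Return findings; an empty list means FortiManager is still the FDN source."""
    top, servers = parse_central_management(text)
    findings = []
    if top.get("type") != ["fortimanager"]:
        findings.append("type is not fortimanager")
    if top.get("fmg") != [fmg_ip]:
        findings.append("fmg does not point at FortiManager")
    covered = {t for s in servers if s.get("server-address") == [fmg_ip]
               for t in s.get("server-type", [])}
    findings += [f"no server-list entry sends {svc} to FortiManager"
                 for svc in ("update", "rating") if svc not in covered]
    return findings

if __name__ == "__main__":
    print(check_fdn_override(SAMPLE, "192.0.2.10") or "central-management intact")
```

Running this against periodic configuration backups shows when the server-list entry disappears, rather than waiting for the FDN connection to fail.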