FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the process of allowing air-gapped FortiGate devices to connect to FortiManager for FortiGuard updates and related FDN services.
Scope
FortiGate, FortiManager.
Solution
In general, air-gapped FortiGates are not permitted to connect to the internet. However, they need to connect to the FDN server for FortiGuard updates, license and subscription validation, etc.
Connect FortiGate to FortiManager, and authorize the device in FortiManager.
config system central-management
set type fortimanager set fmg <FortiManager IP Address>
config server-list
edit 1
set server-type update rating set server-address <FortiManager IP address>
next
end
end
Confirm that FortiGate is able to connect to FortiManager using the following commands:
di de res
di de app update -1
di de en
exec update-now
Disable the debug after 5 minutes:
di de res
Note:
In some cases, FortiGate might encounter an FDN connection issue after several hours due to FortiManager undoing the configuration changes.
