Configure an air-gapped FortiGate to use ...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 351578

Description

This article describes the process of allowing air-gapped FortiGate devices to connect to FortiManager for FortiGuard updates and related FDN services.

Scope

FortiGate, FortiManager.

Solution

In general, air-gapped FortiGates are not permitted to connect to the internet. However, they need to connect to the FDN server for FortiGuard updates, license and subscription validation, etc.

Connect FortiGate to FortiManager, and authorize the device in FortiManager.

config system central-management

set type fortimanager
set fmg <FortiManager IP Address>

config server-list

edit 1

set server-type update rating
set server-address <FortiManager IP address>

end

Confirm that FortiGate is able to connect to FortiManager using the following commands:

di de res

di de app update -1

di de en

exec update-now

Disable the debug after 5 minutes:

di de res

Note:

In some cases, FortiGate might encounter an FDN connection issue after several hours due to FortiManager undoing the configuration changes.

337

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: Configure an air-gapped FortiGate to use FortiManager as an FDN server

You are leaving our website