Disable FortiGuard Services Globally.

To disable FortiGuard, including Antivirus (AV), Web Filtering, and Antispam, use the following commands:

config system fortiguard

    set outbreak-prevention-force-off enable

end

set outbreak-prevention-force-off enable: This command disables the FortiGuard Virus Outbreak Prevention service.

config system fortiguard

    set webfilter-force-off enable

end

set webfilter-force-off enable: This command forces Web Filtering to be turned off, bypassing any Web Filtering services provided by FortiGuard.

config system fortiguard

    set antispam-force-off enable

end

set antispam-force-off enable: This command disables the FortiGuard Antispam service, preventing any antispam functionality provided by FortiGuard.

Verify the configuration.

Run the following command to confirm that the settings are applied:

show full-configuration system fortiguard

This will display the current FortiGuard settings. Ensure that the values for avquery-force-off, webfilter-force-off, and antispam-force-off are set to enable.

Note:

• Disabling FortiGuard services on a FortiGate device results in reduced security capabilities, as the device will no longer receive real-time updates for antivirus signatures, web filtering, and antispam, relying only on cached data.
• This increases vulnerability to new threats, malicious websites, and spam, potentially exposing the network to security risks.
• While core network functions and management features remain operational, the overall security posture is compromised, so disabling these services should be done with caution and a clear understanding of the potential risks involved.