Description
This article describes how to override the FortiGate central-management setting to get updates from FortiManager.
Scope
FortiGate will receive updates from FortiManager rather than from FortiGuard servers.
Solution
If FortiGate is set to get updates from the FortiGuard server, the following is the configuration:
config system central-management
    set type fortimanager
    set fmg "x.x.x.x"
    set include-default-servers enable <----- This setting will ensure FortiGate is getting updates from FortiGuard default servers.
end
To override, disable the 'include-default-servers' setting and configure 'server-list' to specify the FortiManager IP. If FortiManager is in a cluster, this can be the IP of any of the FortiManagers.
config system central-management
    set type fortimanager
    set fmg "x.x.x.x"
    set include-default-servers disable <----- This setting ensures FortiGate will not get updates from FortiGuard default servers.
    config server-list
        edit 1
            set server-type update rating
            set server-address x.x.x.x
        next
    end
end
To configure these settings from FortiManager: In Device Manager, select the FortiGate in question and go to System -> FortiGuard.
The equivalent of 'include-default-servers' is a checkbox item entitled: 'Fall Back to Public FortiGuard Servers'.
Verification:
In FortiManager, test the update request under FortiGuard -> Package Management -> Service Status, select 'FortiGate' and select 'Push All Pending'.
It takes a while before the service status shows the update status.
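The FortiGate side can also be checked offline against a saved copy of the 'config system central-management' block. The following is an added example, not Fortinet code: it parses the block and reports anything that would still let the device use public FortiGuard servers. The function names, the 192.0.2.10 address and the sample text are constructed for illustration, and a missing 'include-default-servers' line is assumed to mean the default, enable.

```python
# Constructed sample of the central-management block (192.0.2.10 is a placeholder).
SAMPLE = """\
config system central-management
    set type fortimanager
    set fmg "192.0.2.10"
    set include-default-servers disable
    config server-list
        edit 1
            set server-type update rating
            set server-address 192.0.2.10
        next
    end
end
"""

def parse_central_management(text):
    """Return (top-level settings, server-list entries) parsed from CLI text."""
    settings, servers, entry, in_list = {}, [], None, False
    for raw in text.splitlines():
        line = raw.split("<-----")[0].strip()  # drop KB-style inline annotations
        if line == "config server-list":
            in_list = True
        elif in_list and line.startswith("edit "):
            entry = {"id": line.split()[1]}
        elif in_list and line == "next":
            servers.append(entry)
            entry = None
        elif in_list and line == "end":
            in_list = False
        elif line.startswith("set "):
            _, key, *rest = line.split(None, 2)
            (settings if entry is None else entry)[key] = " ".join(rest).strip('"')
    return settings, servers

def audit(text, fmg_ips):
    """List findings that mean updates are not pinned to the given FortiManager IPs."""
    settings, servers = parse_central_management(text)
    findings, covered = [], set()
    if settings.get("type") != "fortimanager":
        findings.append("type is not fortimanager")
    # Assumption: an absent include-default-servers line means the default, enable.
    if settings.get("include-default-servers", "enable") != "disable":
        findings.append("include-default-servers is not disabled")
    for s in servers:
        if s.get("server-address") in fmg_ips:
            covered.update(s.get("server-type", "").split())
        else:
            findings.append(f"server-list entry {s['id']} is not a FortiManager address")
    findings += [f"no FortiManager entry for {t}" for t in ("update", "rating") if t not in covered]
    return findings
```

Calling audit(SAMPLE, {"192.0.2.10"}) returns an empty list; pass every cluster member's IP in fmg_ips when FortiManager is clustered.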
Related documents:
Operating as an FDS in a closed network
Technical Note: Setting up FortiManager behind Web Proxy to act as standalone FortiGuard FDS server ...
Technical Tip: Configure FortiManager as a local FDN server for FortiGates