config system central-managementTo over-ride, disable "include-default-servers" setting and configure "server-list" to specify FortiManager IP. This IP can be any of the FortiManager IP if it is in cluster.
set type fortimanager
set fmg "x.x.x.x"
set include-default-servers enable <----- This setting will ensure FortiGate is getting update from FortiGuard default servers.
end
# config system central-managementTo configure these settings from FortiManager:
set type fortimanager
set fmg "x.x.x.x"
set include-default-servers disable <----- This setting will ensure FortiGate will not getting update from FortiGuard default servers.
config server-list
edit 1
set server-type update rating
set server-address x.x.x.x
next
end
end
The equivalent of "include-default-servers" is a checkbox item entitled: "Fall Back to Public FortiGuard Servers".
Verification
In FortiManager, test the update request under:
FortiGuard -> Package Management -> Service Status, select 'FortiGate' and select 'Push All Pending'.
It takes a while before service status will show update status.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.