From v7.4.0, FortiGuard Antispam queries will be supported by using a web proxy.

Before v7.4.0, only licensing and Fortiguard Antivirus queries can be updated through proxy.

1. In the FortiMail CLI, apply the following command:

config system fortiguard antivirus

set tunneling-status enable

set tunneling-address <SQUID_PROXY_IP>

set tunneling-port <SQUID_PROXY_PORT>

end

Replace <SQUID_PROXY_IP> with the IP address of a used SQUID proxy server and <SQUID_PROXY_PORT> with the appropriate port number.

CLI Command example:

config system fortiguard antivirus

set tunneling-status enable

set tunneling-address 10.5.29.211

set tunneling-port 3128

end

Optionally, for enhanced security, include a tunneling username and password.

2. Use the following commands in the FortiMail CLI to debug and verify the update process:

diagnose debug application updated 7

diagnose debug enable

execute update now

3. For additional verification, monitor SQUID server logs to check for accepted or denied connections to FortiGuard FQDNs. Use the following command on the SQUID server:   

$sudo tail -f /var/log/squid/access.log 

4. Ensure that the following FortiGuard FQDNs are permitted through the SQUID server:

fds1.fortinet.com

service.fortiguard.net

Note: 

After completion, disable debugging from the FortiMail CLI with the following command:

diagnose debug disable