tkanneganti
Staff
Article Id 340229
Description: This article describes how to configure FortiManager to act as a local FortiGuard server for FortiWeb.
Scope: FortiManager.
Solution:
  • FortiWeb can only receive FortiGuard updates from FortiManager; it cannot be managed by FortiManager. Feature support matrix link for validation: Feature support
  • The supported version of FortiWeb can be found in this article: FortiWeb
  • Supported models of the FortiWeb can be found in this article: FortiWeb models

Select the matching FortiManager version in the docs portal to check the supported information for that release. The following command also verifies the supported versions and models of Fortinet devices in FortiManager:

diagnose dvm supported-platforms list detail

Configuration to be done on FortiManager and FortiWeb:

Make sure FortiManager has reachability to the FortiGuard server. Sample output:

diagnose fmupdate view-serverlist fds

Fortiguard Server Comm : Enabled
Server Override Mode   : Loose
FDS   server list      :
Index   Address                    Port            TimeZone        Distance        Source
------------------------------------------------------------------------------------------------------
*0      208.184.237.68             443             9               4               FDNI
 1      208.184.237.67             443             0               5               FDNI
 2      12.34.97.16                443             -5              10              FDNI
 3      208.184.237.66             443             -8              11              FDNI
 4      usfds1.fortinet.com        443             5               0               DEFAULT

FCT   server list      :
Index   Address                    Port            TimeZone        Distance        Source
------------------------------------------------------------------------------------------------------
*0      208.184.237.75             443             -8              11              FDNI
 1      usforticlient.fortinet.net 443             5               0               DEFAULT
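As an added check that is not part of the original article, the following Python script parses the `diagnose fmupdate view-serverlist fds` output shown above and flags the conditions a practitioner would look for before expecting FortiWeb updates to flow: FortiGuard server communication enabled, an FDS list present, and an active server selected. The embedded text is a shortened, constructed copy of the article's output plus a constructed degraded case; the interpretation that `*` marks the server currently in use and that FDNI rows are the list learned from FortiGuard (so a DEFAULT-only list means FortiManager has not yet fetched it) is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample, shortened from the article's `diagnose fmupdate view-serverlist fds` output
SAMPLE_OK = """\
Fortiguard Server Comm : Enabled
Server Override Mode   : Loose
FDS   server list      :
Index   Address                    Port            TimeZone        Distance        Source
------------------------------------------------------------------------------------------------------
*0      208.184.237.68             443             9               4               FDNI
 1      208.184.237.67             443             0               5               FDNI
 4      usfds1.fortinet.com        443             5               0               DEFAULT

FCT   server list      :
Index   Address                    Port            TimeZone        Distance        Source
------------------------------------------------------------------------------------------------------
*0      208.184.237.75             443             -8              11              FDNI
 1      usforticlient.fortinet.net 443             5               0               DEFAULT
"""

# Constructed degraded case: communication disabled and only the built-in DEFAULT entry
SAMPLE_BAD = """\
Fortiguard Server Comm : Disabled
Server Override Mode   : Loose
FDS   server list      :
Index   Address                    Port            TimeZone        Distance        Source
------------------------------------------------------------------------------------------------------
*0      usfds1.fortinet.com        443             5               0               DEFAULT
"""

@dataclass
class ServerEntry:
    index: int
    address: str
    port: int
    timezone: int
    distance: int
    source: str
    active: bool  # assumption: the '*' marker denotes the server currently in use

# index (optionally starred), address, port, timezone, distance, source
ROW_RE = re.compile(r"^(\*?)\s*(\d+)\s+(\S+)\s+(\d+)\s+(-?\d+)\s+(-?\d+)\s+(\S+)\s*$")
LIST_RE = re.compile(r"^(FDS|FCT)\s+server list\s*:")

def parse_serverlist(text):
    """Return (settings dict, {list name: [ServerEntry, ...]})."""
    settings, lists, current = {}, {}, None
    for line in text.splitlines():
        lm = LIST_RE.match(line)
        if lm:
            current = lm.group(1)
            lists[current] = []
            continue
        rm = ROW_RE.match(line)
        if rm and current is not None:
            star, idx, addr, port, tz, dist, src = rm.groups()
            lists[current].append(
                ServerEntry(int(idx), addr, int(port), int(tz), int(dist), src, star == "*")
            )
            continue
        key, sep, val = line.partition(":")
        if sep and not line.startswith(("Index", "-")):
            settings[key.strip()] = val.strip()
    return settings, lists

def check_fds_serverlist(text):
    """List of findings; an empty list means the FDS list looks usable for serving updates."""
    settings, lists = parse_serverlist(text)
    findings = []
    if settings.get("Fortiguard Server Comm") != "Enabled":
        findings.append("FortiGuard server communication is not enabled")
    fds = lists.get("FDS", [])
    if not fds:
        findings.append("no FDS server list present")
    elif all(e.source == "DEFAULT" for e in fds):
        # assumption: FDNI rows are the server list learned from FortiGuard
        findings.append("only the DEFAULT FDS entry is present; server list not yet learned from FortiGuard")
    if fds and not any(e.active for e in fds):
        findings.append("no active (*) FDS server selected")
    return findings

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_fds_serverlist(text) or "no findings")
```

Run it against the real output (for example piped from an SSH session into a file) instead of the embedded sample to get the same findings for a live FortiManager.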

 

Enable the web service under Service Access: go to System Settings -> Network and edit port1.

[Screenshot: port1 interface settings with the web service enabled under Service Access]

On FortiWeb, configure the FortiManager IP as the FortiGuard address: under System -> Config -> FortiGuard, enable Override default FortiGuard address and set it to FortiManager IP:8890.

[Screenshot: FortiGuard override setting on FortiWeb]

The FortiWeb then appears in the Unauthorized devices list on FortiManager. Right-click the device and select Authorize. If ADOMs are enabled, the device is listed in the default root ADOM and can be moved to the respective FortiWeb ADOM.

[Screenshot: Unauthorized devices list with the Authorize option]

Select the ADOM in which this device should be listed:

[Screenshot: ADOM selection during authorization]

The successful authorization page looks as follows:

[Screenshot: successful device authorization]

After authorization, the FortiWeb is listed on the Device & Groups page:

[Screenshot: Device & Groups page showing the FortiWeb]

After successful communication between the devices, FortiGuard updates can be sent to the FortiWeb. Example output:

diagnose fmupdate view-linkd-log fds

2024/09/10_13:10:55.491 notice  fds_worker[30591]: accept connection from ::ffff:10.5.x.x.
2024/09/10_13:10:55.693 info    fds_svrd[30460]: Start fds server session from 127.0.0.1
2024/09/10_13:10:55.694 info    fds_svrd[30460]: [FGT-->FMG] Request: Protocol=3.0|Command=Update|Firmware=FWB600D-FW-7.44-649|SerialNumber=FV600DXXXXXX|UpdateMethod=0|AcceptDelta=1|DataItem=05000000FWDB00000-00000.00383-0000000000*00000000FCNI00000-00000.00000-0000000000*00000000FDNI00000-00000.00000-0000000000*01000000FSCI00100-00000.00000-0000000000*05000000IRFW00301-00004.00895-0000000000*06000000HCDB00100-00001.00448-1697448602*07002000CRDB00100-00001.00050-1712158380*07004000DLDB00200-00000.00000-0000000000|Address=::ffff:10.5.x.x
2024/09/10_13:10:55.703 info    fds_svrd[30460]: [FMG-->FGT] Response: Protocol=3.0|Firmware=FMG-VM64-KVM-FW-7.04-2528|SerialNumber=FMGVMSXXXXXXXXX|Response=300|Persistent=false|ResponseItem=05000000FWDB00000:204*00000000FCNI00000:204*00000000FDNI00000:200*01000000FSCI00100:200*05000000IRFW00301:204*06000000HCDB00100:401*07002000CRDB00100:204*07004000DLDB00200:401
2024/09/10_13:10:55.703 info    fds_svrd[30460]: Process client ::ffff:10.5.x.x request SUCCESS
2024/09/10_13:10:55.703 info    fds_svrd[30460]: print 0x55fa4b20bd50: cnt=4, size=4512, refcnt=4, track=0 fdssession
2024/09/10_13:10:55.703 notice  fds_worker[30591]: process remote(::ffff:10.5.x.x) SUCCESS!
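To read a session like the one above without counting characters, here is an added Python example (not the article's or Fortinet's code) that parses the fds_svrd request and response lines, pairs each object the FortiWeb reported in DataItem with the per-object code FortiManager returned in ResponseItem, and confirms that the session was logged as SUCCESS. The embedded log is a constructed copy of the session above, re-joined onto one line per entry with the page's own masked serial numbers; treating 200 and 204 as the "served" outcomes and anything else (such as the 401 on the HCDB and DLDB objects) as worth a second look is an assumption, not something the article states.

```python
import re
from dataclasses import dataclass

# Constructed sample: the article's `diagnose fmupdate view-linkd-log fds` session,
# re-joined onto one line per entry (serial numbers are the page's own masked values).
SAMPLE_LOG = """\
2024/09/10_13:10:55.491 notice  fds_worker[30591]: accept connection from ::ffff:10.5.x.x.
2024/09/10_13:10:55.693 info    fds_svrd[30460]: Start fds server session from 127.0.0.1
2024/09/10_13:10:55.694 info    fds_svrd[30460]: [FGT-->FMG] Request: Protocol=3.0|Command=Update|Firmware=FWB600D-FW-7.44-649|SerialNumber=FV600DXXXXXX|UpdateMethod=0|AcceptDelta=1|DataItem=05000000FWDB00000-00000.00383-0000000000*00000000FCNI00000-00000.00000-0000000000*00000000FDNI00000-00000.00000-0000000000*01000000FSCI00100-00000.00000-0000000000*05000000IRFW00301-00004.00895-0000000000*06000000HCDB00100-00001.00448-1697448602*07002000CRDB00100-00001.00050-1712158380*07004000DLDB00200-00000.00000-0000000000|Address=::ffff:10.5.x.x
2024/09/10_13:10:55.703 info    fds_svrd[30460]: [FMG-->FGT] Response: Protocol=3.0|Firmware=FMG-VM64-KVM-FW-7.04-2528|SerialNumber=FMGVMSXXXXXXXXX|Response=300|Persistent=false|ResponseItem=05000000FWDB00000:204*00000000FCNI00000:204*00000000FDNI00000:200*01000000FSCI00100:200*05000000IRFW00301:204*06000000HCDB00100:401*07002000CRDB00100:204*07004000DLDB00200:401
2024/09/10_13:10:55.703 info    fds_svrd[30460]: Process client ::ffff:10.5.x.x request SUCCESS
"""

# timestamp, level, process name, pid, free-form message
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>\w+)\s+(?P<proc>\w+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")

@dataclass
class FdsRequest:
    firmware: str
    serial: str
    address: str
    items: dict  # object id -> (version, timestamp) the client currently holds

@dataclass
class FdsResponse:
    firmware: str
    serial: str
    status: str
    items: dict  # object id -> per-object status code returned by the server

def parse_kv(body):
    """Split a 'k=v|k=v|...' FDS message body into a dict."""
    out = {}
    for part in body.split("|"):
        key, sep, val = part.partition("=")
        if sep:
            out[key] = val
    return out

def parse_request(kv):
    items = {}
    for tok in kv.get("DataItem", "").split("*"):
        parts = tok.split("-")  # object-version-timestamp
        if len(parts) == 3:
            items[parts[0]] = (parts[1], parts[2])
    return FdsRequest(kv.get("Firmware", ""), kv.get("SerialNumber", ""), kv.get("Address", ""), items)

def parse_response(kv):
    items = {}
    for tok in kv.get("ResponseItem", "").split("*"):
        obj, sep, code = tok.partition(":")  # object:code
        if sep:
            items[obj] = code
    return FdsResponse(kv.get("Firmware", ""), kv.get("SerialNumber", ""), kv.get("Response", ""), items)

def summarize_session(log_text):
    """Pair the client's DataItem list with the server's per-object codes.
    Returns (request, response, rows) or None if either message is missing."""
    req = resp = None
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("proc") != "fds_svrd":
            continue
        msg = m.group("msg")
        if "[FGT-->FMG] Request:" in msg:
            req = parse_request(parse_kv(msg.split("Request:", 1)[1].strip()))
        elif "[FMG-->FGT] Response:" in msg:
            resp = parse_response(parse_kv(msg.split("Response:", 1)[1].strip()))
    if req is None or resp is None:
        return None
    rows = [(obj, ver, resp.items.get(obj)) for obj, (ver, _ts) in req.items.items()]
    return req, resp, rows

# Assumption: 200 and 204 are the "served" outcomes; any other code deserves a second look.
SERVED_CODES = {"200", "204"}

def unserved_objects(rows):
    return [obj for obj, _ver, code in rows if code not in SERVED_CODES]

def session_succeeded(log_text):
    """True when fds_svrd logged the client's request as SUCCESS."""
    return any(
        m is not None and m.group("proc") == "fds_svrd" and "request SUCCESS" in m.group("msg")
        for m in map(LOG_RE.match, log_text.splitlines())
    )

if __name__ == "__main__":
    req, resp, rows = summarize_session(SAMPLE_LOG)
    print(f"{req.serial} ({req.firmware}) -> {resp.serial}: Response={resp.status}")
    for obj, ver, code in rows:
        print(f"  {obj}  client={ver}  server_code={code}")
    print("not served:", unserved_objects(rows), "session ok:", session_succeeded(SAMPLE_LOG))
```

When the real log is wrapped across several lines, as in the output above, join each entry back onto one line before feeding it in; the parser keys off the `[FGT-->FMG] Request:` and `[FMG-->FGT] Response:` markers and ignores the fds_worker lines.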

 

 

Debug command on the FortiManager side to validate the updates being pushed or downloaded from FortiGuard:

diagnose fmupdate view-linkd-log fds

Debug commands on the FortiWeb side to validate whether the updates are being downloaded:

diagnose debug reset
diagnose debug application updated 7
diagnose debug application fds 7
diagnose debug enable
execute update-now

Related article:

Technical Tip: Verifying FortiGuard connectivity on FortiManager