FortiManager
akamath
Staff
Article Id 327900
Description

This article describes how to configure the upstream FortiGate to allow connections from FortiManager and FortiAnalyzer to the public FortiGuard servers. The same approach can also be used for a proxy server connection.

Scope

FortiManager, FortiAnalyzer.
Solution

FortiManager and FortiAnalyzer do not have any region-specific servers for Europe. The FQDNs used for unicast servers are listed below:

fds1.fortinet.com ---> AntiVirus/IPS service.
guard.fortinet.net ---> Web-Filtering/AntiSpam service.
gip.fortinet.net ---> File query and GEO IP service.
forticlient.fortinet.net ---> FortiClient updates.

These FQDNs do not cover all of the FDNI IP lists, so FortiManager/FortiAnalyzer connects to FortiGuard to download a list of IP addresses. Because this list is dynamic, it must be updated manually in the FortiGate policy to allow traffic from FortiManager/FortiAnalyzer to FortiGuard.

  1. Run the following commands on FortiManager/FortiAnalyzer to get the IP lists:

diag fmupdate view-serverlist fds

diag fmupdate view-serverlist fgd

 

  2. Create a firewall policy on the FortiGate with the Source Address set to FortiManager/FortiAnalyzer, the Service set to port 443, and the Destination Address set to the FortiGuard IP addresses obtained in step 1. The destination list has to be updated manually whenever the server list changes. For the FortiGate policy configuration steps, see: Firewall policy
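
Steps 1 and 2 as a helper script, added here as an example (it is not Fortinet's code): it reads saved output of the view-serverlist commands, extracts the server addresses, and builds FortiGate address objects plus an address group to use as the policy destination. The column layout of the sample output, the object prefix FGD- and the group name FortiGuard-Servers are assumptions.

```python
import ipaddress
import re

# Constructed sample of saved CLI output. The column layout is an assumption;
# the parser relies only on IPv4-looking tokens, not on column positions.
SAMPLE_OUTPUT = """\
Index  Address         Port  TimeZone  Distance  Source
*0     192.0.2.10      443   -5        0         FDNI
1      198.51.100.25   443   1         6         FDNI
2      203.0.113.7     443   9         14        FDNI
3      192.0.2.10      443   -5        0         FDNI
"""

# Four dotted groups that are not part of a longer dotted or numeric string.
IPV4_TOKEN = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def extract_servers(text):
    """Return valid IPv4 addresses found in text, de-duplicated, first-seen order."""
    servers = []
    for token in IPV4_TOKEN.findall(text):
        try:
            ip = ipaddress.IPv4Address(token)
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.1.1 is not a valid address
        if ip not in servers:
            servers.append(ip)
    return servers

def fortigate_config(servers, group="FortiGuard-Servers", prefix="FGD-"):
    """Build FortiGate CLI: one /32 address object per server plus a group."""
    if not servers:
        raise ValueError("no server addresses found; refusing to emit an empty group")
    names = [f"{prefix}{ip}" for ip in servers]  # hypothetical naming scheme
    lines = ["config firewall address"]
    for name, ip in zip(names, servers):
        lines += [f'    edit "{name}"', f"        set subnet {ip} 255.255.255.255", "    next"]
    members = " ".join(f'"{name}"' for name in names)
    lines += ["end", "config firewall addrgrp", f'    edit "{group}"',
              f"        set member {members}", "    next", "end"]
    return "\n".join(lines)

def diff_servers(previous, current):
    """Return (added, removed) so stale destinations get pruned, not only appended."""
    return ([ip for ip in current if ip not in previous],
            [ip for ip in previous if ip not in current])

if __name__ == "__main__":
    print(fortigate_config(extract_servers(SAMPLE_OUTPUT)))
```

Keeping the previous run's address list and passing both lists to diff_servers shows which destinations to remove, so the allow-list does not grow with addresses FortiGuard no longer uses.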

 


 

Note:

  • FortiManager and FortiAnalyzer use port 443 to communicate with the FortiGuard servers. Make sure this port is open for communication.
  • FortiGate can be configured with the Internet Service signature for FortiGuard as the policy destination. In that case, the IP addresses are delivered automatically by the FortiGuard service.


Navigate to Firewall policy -> Destination -> Internet Service -> 'Fortinet-Fortiguard'.
 

Related articles:

Technical Tip: Configure FortiManager as a local FDN server for FortiGates.

Technical Tip: How to configure and optimize FortiManager as Local Web filter Server

Technical Tip: The FortiGuard IP address range