Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kelv1n
New Contributor

Configuring Fortigates to get Fortiguard update from FMG? how?

Hi

 

We're running Fortigates with v5.2.x and FMG 5.2.1.

 

How do you tell a fortigate to check FMG for Fortiguard updates before going to the proper Fortiguard Service Service?

 

The fortiOS manual say

config system central-management
 set fortimanager-fds-sigupdate-override enable
 set sig-update-server-1 10.10.10.10
 set sig-update-server-2 20.20.20.20
 set sig-update-server-3 30.30.30.30
end

 

But none of these commands actually exist in the CLI.

 

I've seen other websites stating run "set fortimanager-fds-override enable" but this doesn't exist anymore.

 

17 REPLIES 17
Anne
New Contributor III

All that it doesnt do is Web Filtering license verification, and web filtering database download on the FGT. It does download the Web Filtering database on FMG though

 

scao_FTNT

All that it doesnt do is Web Filtering license verification, and web filtering database download on the FGT. It does download the Web Filtering database on FMG though

   -- for WF, FGT send URL request to FMG and FMG will then return result

 

but to confirm, on FGT, you config is like below?

 

config server-list edit 1 set server-type upate

 

this is only for AV/IPS update, and for WF/AS, you need to also enable rating

 

 set server-type update rating

 

Thanks

 

Simon

Anne
New Contributor III

Here is the FMG config

 

config system central-management     set type fortimanager     set fmg "10.200.1.1"         config server-list             edit 1                 set server-type update rating                 set server-address 10.200.1.1             next         end     set include-default-servers disable     set enc-algorithm high end

scao_FTNT

can you also provide "diagnose debug rating" on FGT?

 

Thanks

 

Simon

Anne
New Contributor III

di de rating Locale       : english License      : Unknown Expiration   : N/A -=- Server List (Wed Mar  2 10:07:45 2016) -=- IP                  Weight    RTT Flags  TZ    Packets  Curr Lost Total Lost 10.200.1.1          120      0  IF     0     107912     107909     107909

scao_FTNT

can you help do a check on FMG side " diagnose fmupdate fgd-dbcontract", so that FGT SN has correct license in FMG db? you do not need to paste it here since output will have your FGT license info

 

if you checked license is OK on FMG side, you may need to open a ticket and send me a ticket reminder, we will work for your case through ticket system

 

Thanks

 

Simon

Anne
New Contributor III

Thanks.

 

I checked the license info using the comand "di fmupdate fgd-dbcontract". It displays the serial numbers and the license info correctly.

 

Anne
New Contributor III

The other thing I have noticed is, for FMG, we have got a license for 10UG only which means 10 + 10 in total. If I look at the datasheet, it shows the add-ons are available for FMG-VM-10-UG and the next one is FMG-VM-100-UG. It doesnt show anything fo r +10 licences

 

 

 

 

Labels
Top Kudoed Authors