Following this documentation for FortiManager:
https://docs.fortinet.com/document/fortimanager/7.0.5/administration-guide/578841
It states:
Specifying the IP address is optional. If you do not change the default IP address (0.0.0.0), the interface IP address is used.
When I enabled FortiGuard and WebFiltering, it shows 0.0.0.0/0.0.0.0. Then I click "OK" and a loading icon spins on "OK" and no changes are made. In the information icon it says the IP 'should' be different than the interface IP, but this documentation also says I can set the default 0.0.0.0 to use the interface IP but it won't save the config. If I use a different IP it saves instantly. Any help is greatly appreciated, than
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
It seems that you are experiencing an issue when configuring FortiGuard and WebFiltering settings on your FortiGate unit. The behavior you described, where the configuration does not save when using the default IP address (0.0.0.0), suggests a possible configuration limitation or a bug in the FortiGate firmware.
In the documentation you mentioned, it states that specifying the IP address is optional, and if you leave it as 0.0.0.0, the interface IP address should be used. However, if the configuration does not save when using the default IP address, you should consider using a different IP address to ensure that the configuration is applied correctly.
To resolve the issue, I would recommend the following steps:
1. Use a different IP address for the FortiGuard and WebFiltering settings. Choose an IP address that is within the correct range and is not already assigned to another interface or device.
2. Save the configuration after entering the new IP address. Ensure that the configuration saves successfully without any errors or warnings.
3. After saving the configuration, verify that the new IP address is applied correctly by checking the configuration settings or running relevant commands to display the FortiGuard and WebFiltering configuration.
If you continue to experience issues or if the problem persists even after using a different IP address, I would recommend reaching out to Fortinet support for further assistance. They can provide specific guidance and troubleshooting steps based on your FortiGate model and firmware version.
While I can do that, I'd like to set it to 0.0.0.0 and use the interface IP like the documentation says I can.
This is on FortiManager v7.0.5-build0365 221013 (GA).
I think it's because setting the interface address explicitly to its service access address wouldn't change anything how it operates, and it would change it back to the default setting.
It's meaningful only when you need to change the source IP from the outgoing interface address IP.
Toshi
What's happening is the interface's IP address is for example 10.10.15.10
If I click the checkbox for FortiGuard Updates, and Web Filtering it shows 0.0.0.0/0.0.0.0.
If I click "OK" it just spins with a loading circle icon on "OK" and nothing gets saved. I can hit "cancel" but then I don't have what I want enabled.
If I try again and enabled FortiGuard and WebFiltering and this time enter 10.10.15.10 for both it spins and nothing gets changed. I have to click cancel.
If I configure 2 new IPs and set FortiGuard to 10.10.15.11 and Web Filtering to 10.10.15.12, it saves instantly and works. However, I don't want to use 2 different IPs, I want to use the same IP as the interface like it suggests I can do by leaving the config enabled and on 0.0.0.0/0.0.0.0.
As you say in that particular area, 0.0.0.0/0.0.0.0 is equal to 10.10.15.10. Just leave it 0.0.0.0/0.0.0.0 if you don't want to change from the interface IP.
Toshi
I can't leave it as 0.0.0.0/0.0.0.0.
When I click "OK" it spins and nothing changes, that's the issue :\
It doesn't happen to our 7.0.7 FMG-VM.
Using a different IP address using "bind to IP Address" option is only required if you would like to use TCP/443 for the Fortiguard updates between your Fortigates and FortiManager.
If you don't specify any IP address and leave it as "0.0.0.0/0.0.0.0"(default value) the interface IP will be used.
FortiManager will accept port 8890 for package updates and port 53/8888 for web filtering.
Changing/Specifying the IP is required only if you need to force TCP/443, if not, please leave it as default.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.