Communication to FortiGuard without direct internet access
I have a question: is it possible to have access to FortiGuard from a FortiGate which does not have a direct internet connection? There is an IPsec tunnel between this FortiGate and the primary FortiGate, which has an internet connection, so I wonder if there is a possibility to push traffic for FortiGuard through the IPsec VPN to the primary device and then to the internet?
Maybe there is another solution for this?
Sorry if this question sounds stupid, but I am just starting with FortiGate.
Hi gszkiela, in addition, you can simply tell the FortiGate that doesn't have direct internet to use the IPsec tunnel as default route (including for FortiGuard queries), and set up policies on the primary FortiGate to allow the isolated one access from IPsec to regular internet.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
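The default-route approach from the reply above, sketched as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. The interface names (`port1`, `to-primary`, `to-isolated`, `wan1`), the address object name and every IP address are constructed placeholders.

```text
# --- Isolated FortiGate (no direct internet) ---
# Pin the IPsec peer to the underlay first, so the tunnel itself does not
# try to follow the new default route. All addresses are placeholders.
config router static
    edit 0
        set dst 198.51.100.10 255.255.255.255
        set gateway 10.255.0.1
        set device "port1"
    next
    edit 0
        set dst 0.0.0.0 0.0.0.0
        set device "to-primary"
    next
end
# FortiGuard queries are local-out traffic: give them a source address that
# the phase 2 selectors and the primary's policy cover.
config system fortiguard
    set source-ip 10.10.10.1
end

# --- Primary FortiGate (has internet) ---
config firewall address
    edit "isolated-fgt-net"
        set subnet 10.10.10.0 255.255.255.0
    next
end
# Service is left at ALL to match "regular internet" in the reply; it can be
# narrowed to the ports your FortiOS version uses for FortiGuard.
config firewall policy
    edit 0
        set name "isolated-to-internet"
        set srcintf "to-isolated"
        set dstintf "wan1"
        set srcaddr "isolated-fgt-net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# --- Verify from the isolated FortiGate ---
execute update-now
diagnose autoupdate versions
diagnose debug rating
```

The phase 2 selectors on both ends must permit a destination of 0.0.0.0/0 from the isolated side, otherwise the traffic is routed into the tunnel and dropped there.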
Yes, it is possible to access FortiGuard services from a FortiGate device that does not have a direct internet connection. You can configure the FortiGate device to send FortiGuard traffic through an IPsec VPN tunnel to a primary FortiGate device that has internet access.
Here are the steps to configure the FortiGate device to send FortiGuard traffic through an IPsec VPN tunnel:
1. Configure the IPsec VPN tunnel: Configure an IPsec VPN tunnel between the FortiGate device and the primary FortiGate device. Make sure that the tunnel is up and running, and that traffic can pass through the tunnel.
2. Configure the FortiGuard settings: Configure the FortiGuard settings on the FortiGate device to use the primary FortiGate device as the FortiGuard server. You can do this by going to System > FortiGuard, and selecting the "Use Custom" option. Then, enter the IP address of the primary FortiGate device as the FortiGuard server.
3. Configure the routing settings: Configure the routing settings on the FortiGate device to send FortiGuard traffic through the IPsec VPN tunnel to the primary FortiGate device. You may need to add a static route or modify the routing settings to ensure that FortiGuard traffic is sent through the IPsec VPN tunnel.
4. Verify the FortiGuard settings: Verify that the FortiGuard settings on the FortiGate device are working correctly. You can do this by checking the FortiGuard logs on the FortiGate device to see if there are any error messages or warnings related to the FortiGuard traffic.
I hope this helps! Let me know if you have any further questions.
Please be informed that the FortiGate needs internet connectivity to update the license through FortiGuard, so you may route all the traffic through the IPsec tunnel to connect with the FortiGuard server, or in your environment you may use a FortiManager device to connect to the internet, and FortiManager can act as a proxy server to establish connectivity with FortiGuard.