Hi All,
I have a question: is it possible to access FortiGuard from a FortiGate which does not have a direct internet connection? There is an IPsec tunnel between this FortiGate and the primary FortiGate, which has an internet connection, so I wonder if there is a possibility to push traffic for FortiGuard through the IPsec VPN to the primary device and then to the internet?
Maybe there is another solution for this?
Sorry if this question sounds stupid, but I am just starting with FortiGate.
Thanks.
Hello,
You may consider using FortiManager as a local FortiGuard server. Please find more information by following the links below:
Hi gszkiela,
In addition, you can simply tell the FortiGate that doesn't have direct internet to use the IPsec tunnel as the default route (including for FortiGuard queries), and set up policies on the primary FortiGate to allow the isolated one access from IPsec to the regular internet.
Hello @gszkiela ,
Please check this document on how to configure a FortiManager without Internet connectivity to access a local FortiManager as FDS:
https://docs.fortinet.com/document/fortimanager/6.0.0/administration-guide/161640/configure-a-fortim...
Thanks,
Pavan
Hello,
Yes, it is possible to access FortiGuard services from a FortiGate device that does not have a direct internet connection. You can configure the FortiGate device to send FortiGuard traffic through an IPsec VPN tunnel to a primary FortiGate device that has internet access.
Here are the steps to configure the FortiGate device to send FortiGuard traffic through an IPsec VPN tunnel:
1. Configure the IPsec VPN tunnel: Configure an IPsec VPN tunnel between the FortiGate device and the primary FortiGate device. Make sure that the tunnel is up and running, and that traffic can pass through the tunnel.
2. Configure the FortiGuard settings: Configure the FortiGuard settings on the FortiGate device to use the primary FortiGate device as the FortiGuard server. You can do this by going to System > FortiGuard, and selecting the "Use Custom" option. Then, enter the IP address of the primary FortiGate device as the FortiGuard server.
3. Configure the routing settings: Configure the routing settings on the FortiGate device to send FortiGuard traffic through the IPsec VPN tunnel to the primary FortiGate device. You may need to add a static route or modify the routing settings to ensure that FortiGuard traffic is sent through the IPsec VPN tunnel.
4. Verify the FortiGuard settings: Verify that the FortiGuard settings on the FortiGate device are working correctly. You can do this by checking the FortiGuard logs on the FortiGate device to see if there are any error messages or warnings related to the FortiGuard traffic.
I hope this helps! Let me know if you have any further questions.
Hi gszkiela,
Please be informed that FortiGate needs internet connectivity to update the license through FortiGuard, so you may route all the traffic through the IPsec tunnel to connect to the FortiGuard server, or in your environment you may use a FortiManager device to connect to the internet, and FortiManager can act as a proxy server to establish connectivity with FortiGuard.
Regards,
Parteek
Hi,
You may use the Tunnel interface as the outgoing interface under FortiGuard settings.
For this to work, please ensure that your tunnel interface has an IP assigned.
BR,
Manosh
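
The tunnel-routed approach from the replies above (default route over IPsec, tunnel interface with its own IP as the FortiGuard outgoing interface, and a policy on the primary unit), sketched as FortiOS CLI. This is an added example, not configuration from any poster or from Fortinet documentation. The interface names (`to-primary`, `to-isolated`, `wan1`), the 10.255.0.x addresses and the object names are constructed placeholders, and it assumes the phase 2 selectors permit this traffic and that the isolated unit reaches FortiGuard over HTTPS with DNS resolved through the tunnel.

```fortios
# --- Isolated FortiGate (no direct internet) ---
# Give the tunnel interface an IP so locally originated traffic has a source.
config system interface
    edit "to-primary"
        set ip 10.255.0.2 255.255.255.255
        set remote-ip 10.255.0.1 255.255.255.255
    next
end
# Default route (destination left at 0.0.0.0/0) through the tunnel.
config router static
    edit 0
        set device "to-primary"
    next
end
# Send FortiGuard queries and updates out of the tunnel interface.
config system fortiguard
    set interface-select-method specify
    set interface "to-primary"
end

# --- Primary FortiGate (has internet) ---
# Match only the isolated unit's tunnel IP, not the whole remote site.
config firewall address
    edit "isolated-fgt-tunnel-ip"
        set subnet 10.255.0.2 255.255.255.255
    next
end
# Tunnel -> WAN, limited to the services assumed above, NATed and logged.
config firewall policy
    edit 0
        set name "isolated-fgt-to-fortiguard"
        set srcintf "to-isolated"
        set dstintf "wan1"
        set srcaddr "isolated-fgt-tunnel-ip"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS" "DNS"
        set nat enable
        set logtraffic all
    next
end
```

On the isolated unit, `execute update-now` followed by `diagnose debug rating` shows whether FortiGuard servers are reachable; if the unit is configured for a different FortiGuard port or protocol, the service list in the policy has to match it.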
Copyright 2024 Fortinet, Inc. All Rights Reserved.