- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Configuring Fortigates to get Fortiguard update fr...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Configuring Fortigates to get Fortiguard update from FMG? how?
Hi
We're running Fortigates with v5.2.x and FMG 5.2.1.
How do you tell a fortigate to check FMG for Fortiguard updates before going to the proper Fortiguard Service Service?
The fortiOS manual say
config system central-management
set fortimanager-fds-sigupdate-override enable
set sig-update-server-1 10.10.10.10
set sig-update-server-2 20.20.20.20
set sig-update-server-3 30.30.30.30
end
But none of these commands actually exist in the CLI.
I've seen other websites stating run "set fortimanager-fds-override enable" but this doesn't exist anymore.
17 REPLIES 17
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
even I have to say I do not work with 5.2 at the moment because it is too buggy for me I would say following:
config system central-management set mode normal set type fortimanager set fmg "3.3.3.3" #set fmg-source-ip 0.0.0.0 set schedule-config-restore enable set schedule-script-restore enable set allow-push-configuration enable set allow-pushd-firmware enable set allow-remote-firmware-upgrade enable set allow-monitor enable #set serial-number set vdom root set enc-algorithm default config server-list edit 1 set server-type upate server-address 0.0.0.0 end end
The config which points the FGT to FMG is the "config server list". Again I'm not sure but it is visible in this way for me. There is also a addtional command which should be probably disable which means:
include-default-servers {enable | disable} Enable or disable inclusion of public FortiGuard servers in the override server list.
Because this command enables default FortiGuard server etc. I would recommend to disable the stuff because you do not want to use FortiGuard.
Hope this helps
have fun
Andrea
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there,
I have the exact same config and the Fortimanager is not pushing the updates to the Fortigates
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
have you enabled service access on FMG interface?
FMG-VM64 # conf sys interface (interface)# ed port1 (port1)# set serviceaccess fclupdates FortiClient updates access. fgtupdates FortiGate updates access. webfilter-antispam Web filtering and antispam access.
Thanks
Simon
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks,
This config is already there.
conf sys int
edit 'port1'
set serviceaccess fgtupdates webfilter-antispam webfilter antispa
This has been enabled on the interface which is connected to the Fortigate firewall and not on the interface which is connected to the Internet? Is this how its meant to be?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This has been enabled on the interface which is connected to the Fortigate firewall
-- correct
what is the FOS version? can you enable below debug see which IP FGT send request to?
diag deb en
diag deb app update 255
and then "exec update-now"
Thanks
simon
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Fortios is 5.2.6
upd_act.c[275] __upd_act_update-Trying FDS 10.200.1.1:8890 with AcceptDelta=0
upd_comm.c[215] tcp_connect_fds-Proxy tunneling is disabled
This is the correct FMG ip address
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
does FMG link to public FGD and have received latest update?
Thanks
Simon
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tcp_connect_fds-Proxy tunneling is disabled
-- from this debug, seems FGT can not reach that IP 10.200.1.1 somehow
so ping from FGT to 10.200.1.1 is OK? and 8890 port is allowed from FGT to FMG?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry, thats not the case. The Fortigate happily downloads all the AV/IPS updates and does license verification for the number of vdoms, AV/IPS.
There is no firewall between FMG & FGT
Related Posts
- Fortigates with PPPoE WAN suddenly need... 293 Views
- How to Migrate VLANs to Virtual... 274 Views
- Configuring security profiles Fortigate 548 Views
- firmware 214 Views
- Configuration of fortigate firewall for 30... 190 Views
Labels
-
FortiGate
6,528 -
FortiClient
1,303 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
59 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.