Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mortirolo
New Contributor

Disabling Fortiguard

A simple question I hope, how do I disable Fortiguard completely (globally) from the command line.

I would like to turn every Fortiguard function off.

 

FW (global) # config system fortiguard FW (fortiguard) # set port                          Port used to communicate with the FortiGuard servers. service-account-id            Service account ID. load-balance-servers          Number of servers to alternate between as first FortiGuard option. antispam-force-off            Enable/disable forcibly disable the service. antispam-cache                Enable/disable FortiGuard antispam cache. antispam-cache-ttl            Time-to-live for cache entries in seconds (300 - 86400). antispam-cache-mpercent       Maximum percent of memory the cache is allowed to use (1-15%). *antispam-timeout              Query time out (1 - 30 seconds). avquery-force-off             Enable/disable forcibly disable the service. avquery-cache                 Enable/disable FortiGuard avquery cache. avquery-cache-ttl             Time-to-live for cache entries in seconds (300 - 86400). avquery-cache-mpercent        Maximum percent of memory the cache is allowed to use (1-15%). *avquery-timeout               Query time out (1 - 30 seconds). webfilter-force-off           Enable/disable forcibly disable the service. webfilter-cache               Enable/disable FortiGuard webfilter cache. webfilter-cache-ttl           Time-to-live for cache entries in seconds (300 - 86400). webfilter-cache-mpercent      Maximum percent of memory the cache is allowed to use (1-15%). *webfilter-timeout             Query time out (1 - 30 seconds). webfilter-sdns-server-ip      IP address of the FortiDNS server. webfilter-sdns-server-port    Port used to communicate with the FortiDNS servers. ddns-server-ip                IP address of the FortiDDNS server. ddns-server-port              Port used to communicate with the FortiDDNS server

 

1 Solution
norouzi
Contributor

I think 

set avquery-force-off enable

set webfilter-force-off enable

set antispam-force-off enable

 

But if you disable AV & IPS schedule update and Web Filtering/Email Filtering in System > Config > FortiGuard , theses services will be disable.

 

View solution in original post

4 REPLIES 4
norouzi
Contributor

I think 

set avquery-force-off enable

set webfilter-force-off enable

set antispam-force-off enable

 

But if you disable AV & IPS schedule update and Web Filtering/Email Filtering in System > Config > FortiGuard , theses services will be disable.

 

mortirolo

norouzi wrote:

I think 

set avquery-force-off enable

set webfilter-force-off enable

set antispam-force-off enable

 

But if you disable AV & IPS schedule update and Web Filtering/Email Filtering in System > Config > FortiGuard , theses services will be disable.

 

That looks like it, making the change over the weekend.

emnoc
Esteemed Contributor III

FWIW

 

I had a hard-up CIO and Security complianec officer, they wanted to filter "unapproved traffic" so what we did was the above but we went extra far. We blackholed all traffic from the  35+ fortinet devices to fortiguard on the appliance our edge router.

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
mortirolo

emnoc wrote:

FWIW

 

I had a hard-up CIO and Security complianec officer, they wanted to filter "unapproved traffic" so what we did was the above but we went extra far. We blackholed all traffic from the  35+ fortinet devices to fortiguard on the appliance our edge router.

 

 

 

Interesting.....in my case, our Fortinet TAM has asked me to turn Fortiguard functionality completely off, regarding a problem ticket we have open. He's replaying 8GB of data traffic through their Spirent devices Lab in Nice, France. He's too busy! Reason for my help on this one.

Labels
Top Kudoed Authors