A simple question I hope, how do I disable Fortiguard completely (globally) from the command line.
I would like to turn every Fortiguard function off.
FW (global) # config system fortiguard FW (fortiguard) # set port Port used to communicate with the FortiGuard servers. service-account-id Service account ID. load-balance-servers Number of servers to alternate between as first FortiGuard option. antispam-force-off Enable/disable forcibly disable the service. antispam-cache Enable/disable FortiGuard antispam cache. antispam-cache-ttl Time-to-live for cache entries in seconds (300 - 86400). antispam-cache-mpercent Maximum percent of memory the cache is allowed to use (1-15%). *antispam-timeout Query time out (1 - 30 seconds). avquery-force-off Enable/disable forcibly disable the service. avquery-cache Enable/disable FortiGuard avquery cache. avquery-cache-ttl Time-to-live for cache entries in seconds (300 - 86400). avquery-cache-mpercent Maximum percent of memory the cache is allowed to use (1-15%). *avquery-timeout Query time out (1 - 30 seconds). webfilter-force-off Enable/disable forcibly disable the service. webfilter-cache Enable/disable FortiGuard webfilter cache. webfilter-cache-ttl Time-to-live for cache entries in seconds (300 - 86400). webfilter-cache-mpercent Maximum percent of memory the cache is allowed to use (1-15%). *webfilter-timeout Query time out (1 - 30 seconds). webfilter-sdns-server-ip IP address of the FortiDNS server. webfilter-sdns-server-port Port used to communicate with the FortiDNS servers. ddns-server-ip IP address of the FortiDDNS server. ddns-server-port Port used to communicate with the FortiDDNS server
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I think
set avquery-force-off enable
set webfilter-force-off enable
set antispam-force-off enable
But if you disable AV & IPS schedule update and Web Filtering/Email Filtering in System > Config > FortiGuard , theses services will be disable.
I think
set avquery-force-off enable
set webfilter-force-off enable
set antispam-force-off enable
But if you disable AV & IPS schedule update and Web Filtering/Email Filtering in System > Config > FortiGuard , theses services will be disable.
norouzi wrote:I think
set avquery-force-off enable
set webfilter-force-off enable
set antispam-force-off enable
But if you disable AV & IPS schedule update and Web Filtering/Email Filtering in System > Config > FortiGuard , theses services will be disable.
That looks like it, making the change over the weekend.
FWIW
I had a hard-up CIO and Security complianec officer, they wanted to filter "unapproved traffic" so what we did was the above but we went extra far. We blackholed all traffic from the 35+ fortinet devices to fortiguard on the appliance our edge router.
PCNSE
NSE
StrongSwan
emnoc wrote:FWIW
I had a hard-up CIO and Security complianec officer, they wanted to filter "unapproved traffic" so what we did was the above but we went extra far. We blackholed all traffic from the 35+ fortinet devices to fortiguard on the appliance our edge router.
Interesting.....in my case, our Fortinet TAM has asked me to turn Fortiguard functionality completely off, regarding a problem ticket we have open. He's replaying 8GB of data traffic through their Spirent devices Lab in Nice, France. He's too busy! Reason for my help on this one.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1643 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.