- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Disabling Fortiguard
A simple question I hope, how do I disable Fortiguard completely (globally) from the command line.
I would like to turn every Fortiguard function off.
FW (global) # config system fortiguard FW (fortiguard) # set port Port used to communicate with the FortiGuard servers. service-account-id Service account ID. load-balance-servers Number of servers to alternate between as first FortiGuard option. antispam-force-off Enable/disable forcibly disable the service. antispam-cache Enable/disable FortiGuard antispam cache. antispam-cache-ttl Time-to-live for cache entries in seconds (300 - 86400). antispam-cache-mpercent Maximum percent of memory the cache is allowed to use (1-15%). *antispam-timeout Query time out (1 - 30 seconds). avquery-force-off Enable/disable forcibly disable the service. avquery-cache Enable/disable FortiGuard avquery cache. avquery-cache-ttl Time-to-live for cache entries in seconds (300 - 86400). avquery-cache-mpercent Maximum percent of memory the cache is allowed to use (1-15%). *avquery-timeout Query time out (1 - 30 seconds). webfilter-force-off Enable/disable forcibly disable the service. webfilter-cache Enable/disable FortiGuard webfilter cache. webfilter-cache-ttl Time-to-live for cache entries in seconds (300 - 86400). webfilter-cache-mpercent Maximum percent of memory the cache is allowed to use (1-15%). *webfilter-timeout Query time out (1 - 30 seconds). webfilter-sdns-server-ip IP address of the FortiDNS server. webfilter-sdns-server-port Port used to communicate with the FortiDNS servers. ddns-server-ip IP address of the FortiDDNS server. ddns-server-port Port used to communicate with the FortiDDNS server
Solved! Go to Solution.
- Labels:
-
5.0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think
set avquery-force-off enable
set webfilter-force-off enable
set antispam-force-off enable
But if you disable AV & IPS schedule update and Web Filtering/Email Filtering in System > Config > FortiGuard , theses services will be disable.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think
set avquery-force-off enable
set webfilter-force-off enable
set antispam-force-off enable
But if you disable AV & IPS schedule update and Web Filtering/Email Filtering in System > Config > FortiGuard , theses services will be disable.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
norouzi wrote:I think
set avquery-force-off enable
set webfilter-force-off enable
set antispam-force-off enable
But if you disable AV & IPS schedule update and Web Filtering/Email Filtering in System > Config > FortiGuard , theses services will be disable.
That looks like it, making the change over the weekend.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FWIW
I had a hard-up CIO and Security complianec officer, they wanted to filter "unapproved traffic" so what we did was the above but we went extra far. We blackholed all traffic from the 35+ fortinet devices to fortiguard on the appliance our edge router.
PCNSE
NSE
StrongSwan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
emnoc wrote:FWIW
I had a hard-up CIO and Security complianec officer, they wanted to filter "unapproved traffic" so what we did was the above but we went extra far. We blackholed all traffic from the 35+ fortinet devices to fortiguard on the appliance our edge router.
Interesting.....in my case, our Fortinet TAM has asked me to turn Fortiguard functionality completely off, regarding a problem ticket we have open. He's replaying 8GB of data traffic through their Spirent devices Lab in Nice, France. He's too busy! Reason for my help on this one.