Hi,
In the FortiGate, I can see there are traffics initiating from FortiGate' IP address (10.90.0.2) to IP Public which is globalupdate.fortinet.net.
I have configured the FGT so that it will use FortiManager as local FDN, but seems like the FortiGate still trying to IP Public by itself. How to disable it in FortiGate?
config system central-management
set type fortimanager
set fmg "10.1.71.57"
set fmg-source-ip 10.90.32.11
config server-list
edit 1
set server-type update rating
set server-address 10.1.71.57
next
end
set interface-select-method sdwan
end
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @arie_arie ,
When I reviewed your configuration, I saw the configuration for rating and update on the same line. Can you separate these configurations like that? Maybe the problem is caused by that.
config system central-management
set type fortimanager
set fmg "10.1.71.57"
set fmg-source-ip 10.90.32.11
config server-list
edit 1
set server-type rating
set server-address 10.1.71.57
next
edit 2
set server-type update
set server-address 10.1.71.57
next
end
set interface-select-method sdwan
end
Also, can you restart fds service on Fortigate?
diag fmupdate service-restart fds
You can follow that document for use FortiManager as FDN server.
Hi,
It can't separate the rating and update using same IP address.
Can you configure "set include-default-servers disable " under central-management and check.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-setup-FortiGate-to-get-updates-from...
Hi,
I tried to configure "set include-default-servers disable " but still there are traffics to fortinet.
This is to globalproductapi.fortinet.net, do you see traffic to globalupdate.fortinet.net now?
globalproductapi.fortinet.net is used for GUI icon download and not fortiguard updates- ref :
https://docs.fortinet.com/document/fortigate/7.4.0/fortios-ports/622145/anycast-and-unicast-services
Hi,
Yes, I don't see traffic to globalupdate.fortinet.net anymore.
For globalproductapi.fortinet.net, I tried disable "set fortiguard-anycast disable" in system fortiguard.
Now, the remaining is to this msgctrl1.fortinet.com, what does it for? And how to disable it?
All cloud communication can be disabled with the following CLI command:
config system global set cloud-communication disable end
Hi,
After disable all cloud communication, now there are traffic to update.fortiguard.net and productapi.fortinet.com.
Can you verify " set include-default-servers disable" is still in place?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.