- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiClient Update to FMGR
Hello Fellas,
Hope I could get any help.
My Fortigate 1200D already managed by FMGR, I installed Forticlient to my several computer, now how do I check if Forticlient gets its update from FMGR not in internet?
Under Fortigate, Forticlient Profile-->Default Profile--> I set to ON Use Fortimanager for client software/sig update
BR,
Fullmoon
Fortigate Newbie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
has anybody in this forum tried to configure forticlient getting its av update thru fortimanager? thanks
Fortigate Newbie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When FortiClient gets update from FDS, its configuration usually looks like this:
<update> <use_custom_server>0</use_custom_server> <server /> <port>80</port> <timeout>60</timeout> <failoverport /> <fail_over_to_fdn>1</fail_over_to_fdn> <auto_patch>0</auto_patch> <update_action>notify_only</update_action> <scheduled_update> <enabled>1</enabled> <type>interval</type> <daily_at>01:00</daily_at> <update_interval_in_hours>1</update_interval_in_hours> </scheduled_update> </update>
You can backup your FortiClient config to see what it looks like.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Chris,
Thanks for the inputs. Pls see my xml looks like
<use_custom_server>1</use_custom_server> <server>10.2.2.102</server>------------->>My Fortimanger IP <port>80</port> <timeout>60</timeout> <failoverport /> <fail_over_to_fdn>1</fail_over_to_fdn> <auto_patch>0</auto_patch> <update_action>notify_only</update_action> <scheduled_update> <enabled>1</enabled> <type>interval</type> <daily_at>01:00</daily_at> <update_interval_in_hours>1
But everytime my forticlient start to update it give failed update result.
From workstations I can confirmed that Fortimanager is reachable.
Fortigate Newbie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
<fail_over_to_fdn>1</fail_over_to_fdn> means if it fails to get update from FortiManager, it will try Fortinet servers (if it works correctly).
Is your FortiManager configured to accept FortiClient update request?
If you can change FortiClient log level to "Debug" for "Update" (you may need to un-register to do that), you may be able to see the update attempt sequence and why it fails.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Chris,
Thanks for inputs!
For the update there is no hierarchy?I mean since the first line shows it will hit first the fmgr then followed by fdn.
Is your FortiManager configured to accept FortiClient update request?--Can you shed where I can find this in FMGR settings?
I even tried to disable advance config and enabled the button get update from fmgr in the default profile but no success.
I need fmgr to push update to all forticlients its because there are workstations don't have direct internet access.
Appreciate your feedback.
BR,
Fortigate Newbie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To enable FortiManager to provide signature update to FortiClient, maybe it's in
config fmupdate fct-services
...
config fmupdate device-version
set fct 5.0 6.0
...
You can always get an admin guide or ask Fortinet Support.
On FortiClient side, with your config, it will try FortiManager a couple times then try FDS.