Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hiroki3
New Contributor

FortiGuard updates using a proxy server

I want to check the IP address of the sender so that it is not blocked by the policy of the security device up to the proxy server.
The following settings are included in order to use a proxy server when updating signatures or renewing licenses.
At this time, which source IP address should be used for packets originating from Fortigate?
Is it the Mgmt port? Or is it an interface for data communication close to the proxy server?


config system autoupdate tunneling
set status enable
set address “10.**. **. **” ⇒ IP address of the proxy server
set port 8080

 

1 Solution
funkylicious
SuperUser
SuperUser

Hi,

If I'm not mistaken, if you have the mgmt port configured it will use it, if not then it will be the interface that as a route/closest to the proxy.

 

https://docs.fortinet.com/document/fortigate/7.0.5/cli-reference/110620/config-system-fortiguard

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-dedicated-management-interface-for/t...

"jack of all trades, master of none"

View solution in original post

"jack of all trades, master of none"
3 REPLIES 3
funkylicious
SuperUser
SuperUser

Hi,

If I'm not mistaken, if you have the mgmt port configured it will use it, if not then it will be the interface that as a route/closest to the proxy.

 

https://docs.fortinet.com/document/fortigate/7.0.5/cli-reference/110620/config-system-fortiguard

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-dedicated-management-interface-for/t...

"jack of all trades, master of none"
"jack of all trades, master of none"
hiroki3

Thanks for the quick reply.
You mean whether the “set source-ip” setting is included in the ”config system fortiguard”.
I just looked and the setting was not included.
In this case, I assume that the interface close to the proxy will be used, but if you know how to check which interface is actually used by Fortigate, I would appreciate it if you could let me know.

hiroki3

The packet capture confirmed the IP address of the interface for data as the source.
Thank you.

I saw a DNS packet for “globalfctupdate.fortinet.net”.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors