I thought this might be helpful for others to know
So the issue we were having was that in 6.2.3 we were able to use port 8888 for the FortiGuard Filtering Services. But once we upgraded to 6.4.1 it was only to use 443. config system fortiguard set protocol HTTPS(Would not allow change to UDP) set port 443(Would not allow change to any other port)
The error we would get for "set protocol udp" was
command parse error before 'udp'
command fail. Return code -61
And similarly the error we would get for "set port 8888" was
command parse error before '8888'
command fail. Return code -61
So it turns out that after speaking to one of the Enterprise Solution Architects the issue use fixed by changing
config system fortiguard set fortiguard-anycast enable to config system fortiguard set fortiguard-anycast disable then we were able to make the settings this (Details Omitted with *) config system fortiguard set protocol udp set port 8888 set fortiguard-anycast disable set proxy-server-ip *.*.*.* set proxy-server-port 3128 set proxy-username * set proxy-password * So long story short if "fortiguard-anycast" is set to "enable" on 6.4.1 the only option for "FortiGuard Filtering Services" is HTTPS/443 but with it set to "disable" UDP and the other port (eg. 8888) become options you can set in the CLI
I am looking at this wondering since Fortinet did recomend port 8888/udp in the release notes of 6.2.x ...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
I bumped up against this with one of the several tickets I had to open on 6.4.1 and the first tech didn't know this. Just learned this week about this configuration. Thanks for putting it out there!
User | Count |
---|---|
983 | |
818 | |
446 | |
440 | |
130 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.