Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
johndj1982
New Contributor

Fortiguard Servers

What are the fortiguard servers ip addresses and ports? I want to explicitly add them in fw policy. Thanks
4 REPLIES 4
Dave_Hall
Honored Contributor

No need to explicitly add them to any firewall policy as the fgt device will contact the servers outside of normal firewall policies. But to get a list, from the CLI, type get webfilter status. From this list, the fgt device will usually choose the server that gives the fastest response. The Fortigate will use either port 53 (usually DNS port) or port 8888 -- you can choose which port used by going to Config->FortiGuard->Web Fitering and Email Filtering Options.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
johndj1982
New Contributor

Hi, Thanks for the info. Please correct me if i misunderstood your statement. My WAN 1 is connected to our internet edge module. So even if I don' t have any policy for this, the fgt device would still be contacted by the server list in the output?
Dave_Hall
Honored Contributor

Yes; however it' s the other way around -- the fgt will contact the FortiGuard service via one of the IPs listed (it doesn' t contact all of them) -- whichever IP has the fastest response time to quires. This document explains more about the FortiGuard service, how to set up up on your fgt device and how to troubleshoot issues relating to it. Edit: I should add that if you have some sort of firewall/hardware device in front of the fgt or your ISP does some wonky port blocking, you may need to adjust some settings, either on the fgt, edge device, or ISP' s WAN device, to get the FortiGuard service connection working. That document I have linked too, is a start.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
johndj1982
New Contributor

Thanks for the help Dave. Appreciate it.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors