Daniel_De_Abreu
New Contributor

Fortiguard registration

Hi to all. My FortiGate cannot access the internet, unfortunately, as it is in a safe environment. What I am trying to do is to create a route to the FortiGuard network so I can allow traffic on the main firewall coming from my FortiGate going to the FortiGuard network; then this device can register. Would someone know the list of IPs from the FortiGuard network and also the IP that the FortiGate registers into the FortiGuard network so I can create this route? Thanks very much. Daniel Leite de Abreu.
Daniel De Abreu
Dave_Hall
Honored Contributor

Would someone know the list of IPs from the FortiGuard network and also the IP that the FortiGate registers into the FortiGuard network so I can create this route?
Enter "get webfilter status" on the CLI to get a list of IP addresses for the FortiGuard servers -- though I bet this list changes from time to time and region to region. The FortiGate needs to be connected to the outside network to be able to generate that list. (An nslookup on service.fortiguard.net appears to return some of these IP addresses, though.) Whether the FGT uses the same servers for registering is a good question. The actual service (for FortiGuard queries) is accessible via port 53 (same as DNS) or port 8888. If this is the same port, you could always open a port on your existing firewall, allowing the FGT to communicate through it. (Somewhere in some of the FortiGuard troubleshooting guides it mentions being able to set an IP address for the FortiGate to use if it is not able to locate the FortiGuard servers via DNS.)

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

ede_pfau
SuperUser

Maybe the diagnose hints from Support can be helpful: https://forum.fortinet.com/FindPost/97283

Ede Kernel panic: Aiee, killing interrupt handler!
Alivo__FTNT
Staff

For FortiGuard IP addresses: "nslookup service.fortiguard.net" in the Windows command line. Not sure if a route will help for locally originated traffic, but I am bad at routing and that.

Is the FortiGate behind a proxy? If yes, try:

    FW81CM-1 # config system autoupdate tunneling
    FW81CM-1 (tunneling) # set
    address     Web proxy IP address or FQDN.
    password    Web proxy password.
    port        Web proxy port.
    status      Enable/disable web proxy tunnelling.
    username    Web proxy username.

Another (new) guide addressing FortiGuard issues is in the latest 5.0.4 cookbook (I think), somewhere at the beginning.

Some info about ports used:

Originating Traffic:
- FortiGuard Antispam or Web Filtering rating lookup: UDP 53 or UDP 8888
- FDN server list: UDP 53 or UDP 8888
- FortiGuard Antivirus or IPS update: TCP 443 (When requesting updates from a FortiManager unit instead of directly from the FDN, this port must be reconfigured as TCP 8890.)

Receivable Traffic - (Listening Ports):
- FortiGuard Antivirus and IPS update push. The FDN sends notice that an update is available: UDP 9443. Update downloads then occur on standard originating ports for updates. (TCP 443)

The rest of the info is here: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=10773&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=54787439&stateId=0%200%2054789447

livo
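Added example, not part of any post in this thread and not Fortinet code: because the replies note that the FortiGuard address list changes over time, this sketch builds a narrow egress allowlist for the upstream firewall from the originating ports listed above and diffs it against what is already deployed. The rule text format, the function names and all sample addresses (documentation ranges) are assumptions; the thread does not confirm that registration uses these same servers, and the inbound UDP 9443 push is not covered.

```python
import socket

# Outbound flows a FortiGate originates, as listed in the post above.
FORTIGUARD_FLOWS = [
    ("udp", 53, "rating lookup / FDN server list"),
    ("udp", 8888, "rating lookup / FDN server list (alternate port)"),
    ("tcp", 443, "antivirus / IPS update download"),
]
FDN_HOSTNAME = "service.fortiguard.net"  # name mentioned in the thread


def resolve_ipv4(hostname):
    """Return the sorted set of IPv4 addresses the name currently resolves to."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def build_rules(fortigate_ip, server_ips):
    """One narrow rule per (server, proto, port); the source is the FortiGate only."""
    return {
        (fortigate_ip, ip, proto, port)
        for ip in server_ips
        for proto, port, _purpose in FORTIGUARD_FLOWS
    }


def diff_rules(deployed, wanted):
    """Rules to add, and stale rules to remove, so the allowlist tracks DNS."""
    return sorted(wanted - deployed), sorted(deployed - wanted)


def render(rule):
    """Hypothetical vendor-neutral rule text; translate to your firewall's syntax."""
    src, dst, proto, port = rule
    return f"allow {proto} from {src} to {dst} port {port}"


if __name__ == "__main__":
    # Constructed sample data (documentation ranges), not real FortiGuard IPs.
    fgt = "192.0.2.10"
    deployed = build_rules(fgt, ["198.51.100.5", "198.51.100.6"])
    # On a host with DNS access, use resolve_ipv4(FDN_HOSTNAME) instead.
    wanted = build_rules(fgt, ["198.51.100.6", "203.0.113.7"])
    add, remove = diff_rules(deployed, wanted)
    for r in add:
        print("ADD   ", render(r))
    for r in remove:
        print("REMOVE", render(r))
```

Run it periodically from a host that can resolve the name, and review the REMOVE lines as carefully as the ADD lines so stale destinations do not stay permitted.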
