Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bigkeoni64
Contributor

Fortimanager and ISDB

Hello

I've got 8 HA firewall pairs that I need to make sure the new IP scheme from Mimecast is updated in the ISDB. Can this be done via the FMG or do I need to go to each FortiGate HA pair?

 

Or does the FMG only point to the FortiGuard servers?

 

Thank you

2 Solutions
gfleming

Just got access to my FMG. You can also see all of the ISDB entries if you create a new policy in FMG, click the "Destination Internet Service" toggle and then click the "+" and then view the services in the resulting panel.

gfleming_0-1672952797265.png

 

Cheers,
Graham

View solution in original post

gfleming

You should see the entries in FMG as well. Click the edit icon next to the object.


And yes FortiGuard updates the ISDB entries daily. You do not have to do anything.

Cheers,
Graham

View solution in original post

6 REPLIES 6
gfleming
Staff
Staff

ISDB is updated directly from FortiGuard. So if you reference an ISDB object either directly in your FortiGate policy or via a FortiManager policy package, it will use the latest version availble from FortiGuard. This assumes your FortiGates are getting FortiGuard updates of course...

Cheers,
Graham
bigkeoni64

Understood, Graham - thanks for responding.

To be more specific on my question, I know I am able to see all of the ISDB entries in the FortiGate, but to save me time by going to 8 Firewall's, can I just look somewhere at all the ISDB entries in FMG?

 

Or does the FMG not have the 17,000 plus entries and you can only see them in the FortiGate?

gfleming

I'm not in front of a FMG instance at the moment but if your goal it to just browse the IDSB entries this info is available at fortiguard.com:

 

https://www.fortiguard.com/encyclopedia?type=isdb

Cheers,
Graham
gfleming

Just got access to my FMG. You can also see all of the ISDB entries if you create a new policy in FMG, click the "Destination Internet Service" toggle and then click the "+" and then view the services in the resulting panel.

gfleming_0-1672952797265.png

 

Cheers,
Graham
bigkeoni64

I actually had to go into the FortiGate (the root one) and view all of the entries for that service. I was tasked to drill down deep to make sure Mimecast new subnets were added to the ISDB.

 

I'd imagine FortiGuard works with all the different vendors on a regular basis? I mean there is nothing for us to do since we do not update the ISDB and it comes from the FortiGuard servers.

gfleming

You should see the entries in FMG as well. Click the edit icon next to the object.


And yes FortiGuard updates the ISDB entries daily. You do not have to do anything.

Cheers,
Graham
Labels
Top Kudoed Authors