poseidon97
New Contributor

IP address on FortiGate 300D

I have noticed in the log, after hearing a couple of complaints from the vendor, that automatic firmware and updates were not coming in. At first I thought it was my iPrism content filtering doing it, but I whitelisted there. Then after looking in the AV section of the log in FortiGate, I see where the multiple internal IPs were being blocked by the AV. MUZAK is the name of the vendor, and handles our hospitality properties' lobby music system. They are utilizing FTP. I am currently not using FortiGate's web content filtering, but I also cannot seem to find where I can possibly whitelist this one IP. Any thoughts? I'm sure it's simple, and I am making it out to be harder than it probably is.

1 REPLY
Toshi_Esumi
Esteemed Contributor III

If there is no out-to-in policy related to the service, the update sessions must be initiated by the internal devices and are likely using the default outgoing policy. I'm assuming the vendor's server IPs are relatively static, or at least they have FQDNs. Then separate a policy from those internal devices to the server IPs to see if that makes the updates work. Once you know the new policy is used, you can apply proper protection profiles like AV, webfilter, or not apply them.
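
A FortiOS CLI sketch of the dedicated policy suggested in the reply above, added here as an illustration and not posted by either participant. All object names, interface names and addresses are constructed placeholders (documentation ranges), and the `#` lines are annotations rather than commands.

```fortios
# Constructed placeholders: replace names, interfaces and addresses with your own.
config firewall address
    edit "muzak-player-lobby"
        # internal music player (placeholder address)
        set subnet 10.0.10.50 255.255.255.255
    next
    edit "muzak-update-server"
        # vendor update server (placeholder address)
        set subnet 192.0.2.10 255.255.255.255
        # If the vendor publishes a hostname instead, use an FQDN object:
        # set type fqdn
        # set fqdn "updates.vendor.example"
    next
end

config firewall policy
    # edit 0 creates the policy with the next free ID
    edit 0
        set name "muzak-ftp-updates"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "muzak-player-lobby"
        set dstaddr "muzak-update-server"
        set action accept
        set schedule "always"
        # limit the exception to FTP only, not all services
        set service "FTP"
        # no security profiles while confirming the policy is matched
        set utm-status disable
        # log every session so hits on this policy are visible
        set logtraffic all
        set nat enable
    next
    # Policies are evaluated top-down, so place the new one above the
    # default outgoing policy (both IDs are placeholders):
    # move <new-policy-id> before <default-outgoing-policy-id>
end
```

Keeping the source, destination and service this narrow means only the players' FTP sessions to the vendor bypass scanning, while everything else still goes through the default outgoing policy. Once the traffic log shows sessions matching the new policy, `set utm-status enable` together with `set av-profile` can be used to reattach whichever profiles are appropriate.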

 
