Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Vanessa6
New Contributor

Created on ‎11-27-2014 04:30 AM

Package Management - Service Status -> Never updated

Hi guys,

 

we have a problem using FortiManager to manage a FortiGate60D (Fortimanager and Fortigate both running 5.2.0, Fortimanager is virtual and with a testing license).

Under Fortiguard -> Package Management -> Service Status the FGT60D is listed but with status "Never Updated".

Other synchronisation like config and policy work properly.

Under "Licensing Status" the device is listed with valid license for each point.

 

On the Fortigate license information page web filtering is declared as unreachable.

 

Unfortunately, we don't have any experience with FortiManager so far. Therefore another short question: Is it necessary to configure the FortiGate to use Fortimanager to get AV, IPS and Webfilter updates or is this done with installing the device on FortiManager?

 

Thanks a lot in advance.

 

Vanessa

 

8993
0 Kudos
6 REPLIES 6
Dave_Hall
Honored Contributor

Created on ‎11-27-2014 08:05 AM

Not that familiar with the 5.2 codebase, but as far as I am aware the Fortigate should be able to fetch AV/IPS updates directly from the FortiGuard servers, providing it can use DNS to resolve their FQDNs into IP addresses.  The Fortigate will also need a valid FortiGuard subscription -- you can check the License Information widget on the the dashboard for this. 

 

If the Fortiate can not reach the FortiGuard servers, confirm it has valid DNS settings and that the default port 53 (alternate port 8888) are not blocked.  There are several forums posts on how to troubleshoot FortiGuard related issues, such as this thread or official Fortient documentation.

 

You can choose to use the FortiManager for FortiGuard updates, providing you have previously configured it to fetch these updates itself.  (See attached pic.)

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
66 KB
3689
0 Kudos
Vanessa6
New Contributor

Created on ‎11-27-2014 09:04 AM

Thank you, Dave.

Unfortunately there is not the possibility to use FortiManager for FortiGuard Updates (see screenshot). Seems this is removed in FortiOs 5.2

Our customer wants to use the Fortiguard updates from Fortimanager. But I can't find where to configure this; neither in the webfrontend nor on CLI.

Any ideas?

 

Preview file
20 KB
3689
0 Kudos
scao_FTNT
Staff
Staff

Created on ‎11-27-2014 09:24 AM

Hi, for 5.2 FOS, pls try below CLI config

 

v8 # conf system central-management v8 (central-management) # conf server-list    FortiGuard override server list. v8 (central-management) # conf server-list v8 (server-list) # edit 1 new entry '1' added v8 (1) # set *server-type       FortiGuard service type. *server-address    IP address of override server. v8 (1) # set server-type update    AV, IPS, and AV-query update server. rating    Web filter and anti-spam rating server. Thanks Simon

3689
0 Kudos
Vanessa6
New Contributor

Created on ‎11-28-2014 06:11 AM

Thank you, Simon.

Setup is working fine with this configuration.

 

Btw, there's a mistake in the FortiOS CLI reference about that. The descriptions for the two different server types are interchanged

3689
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎11-28-2014 06:30 AM

Would you be so nice to report the error to the Doc team? They can be reached via techdoc@fortinet.com. I can assure you that these people do care and take action soon.

To help them you could cite the exact document (2nd page) and the page on which the error is found (pg. 476 in this case).

Thanks.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
3689
0 Kudos
Vanessa6
New Contributor

Created on ‎11-28-2014 07:46 AM

No problem. Email sent to the doc team :)

3689
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.