Set proxy for Forticlient signatures

GlowTube · ‎07-02-2014

At sysadmin' s request I' ve installed Forticlient on my Windows 7 machine. It works well and I am able to connect to the VPN' s that I need. Problem is that even though I' ve disabled the virus scanner (as I have a trusted one already) Forticlient still periodically tries to fetch the virus signature database. This will fail every time because we are behind a web proxy. Nowhere in the Forticlient UI do I see a way to set proxy information or alternatively to turn off signature update polling permanently. Other documentation talks about FortiManager and such, but I do not have this application on my PC, at least not in an obvious place. Lastly it appears that Forticlient is not sensitive to the system proxy settings, which are correct and would result in success if used. For me, turning off this behavior is preferable to enabling its success, and if it takes a few registry changes that' s fine. The signature update failures keep coming in. Advice appreciated.

Chris_Lin_FTNT · ‎07-07-2014

What version of FortiClient are you using? If you back the FortiClient config, you will see something like  <update_action>notify_only</update_action> You can disable update that way. Or if you use 5.2 FortiClient, when you install it you can choose " VPN only" so that it doesn' t have AV.

GlowTube · ‎07-07-2014

Thanks Chris. I' m a little confused by your suggestion. I am running Forticlient 5.0.9.347. After a config backup I see the XML value <update_action>notify_only</update_action> but in reading the XML comment it seems that this value applies to software updates, while the thing I' m trying to address in this post is the antivirus signature database (unless that is considered a " software update" too). Regardless of the distinction, my system is not just doing a notify_only, but is actively trying to fetch the signatures and failing every time. Later in the same file I see the XML values <antivirus> <enabled>1</enabled> <signature_expired_notification>0</signature_expired_notification> which seem related to my problem. Should I simply set enabled to zero here? Lastly, the file does have some mention of a " fortiproxy" but this does not seem to be related to fetching the signatures, and there isn' t an XML value to allow the proxy URL to be set, so I' m guessing that isn' t it.

Chris_Lin_FTNT · ‎07-14-2014

Sorry GlowTube. You are right, <update_action> is for software update, but not signature update. When using <antivirus><enable>0 , in FortiClient 5.2.0 it won' t try to download av signature. But it' s in 5.2.0 though. fortiproxy is irrelevant.

GlowTube · ‎07-16-2014

I tried disabling the antivirus in the XML file and reloading it, but sadly it doesn' t have the same effect for a 5.0 client as it does for 5.2 - the software continues to attempt to fetch signature updates. Oh well, here' s my final attempt: there are 34 .exe' s in my Forticlient directory. Do you think that if I rename a few, the signature-fetching would stop due to file-not-found? If so, which?

Chris_Lin_FTNT · ‎07-16-2014

It' s a bug in 5.0.9 where it still try to download signature even when AV is disabled. Do you have to use 5.0.9, instead of 5.2.0? Since 5.2.0 works in this respect.

Set proxy for Forticlient signatures

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website