Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Update Forticlient antivirus signatures without internet access (with FortiManager, FortiEMS)


Hi all,


We have servers (Windows servers) that are in a 3 tier model and therefore do not have Internet access. We want to do antivirus updates on these servers via fortimanager and fortiems. I saw on the admin guides the steps, here is attached:


Configuring FortiGuard Services settings | FortiClient 7.2.1


Enabling push updates | FortiManager 7.2.2



The problem is that it's quite difficult to understand how by checking the boxes, the servers will have access to the updates.


Can you explain to me a little more the method to be carried out for the fortimanager and the fortiems so that the servers can be updated without using the Internet.





New Contributor

To update the servers without using the Internet via FortiManager and FortiEMS, you need to follow these steps:

  1. Configuring FortiGuard Services settings on FortiClient: FortiClient is the endpoint protection software that runs on the servers. In FortiClient 7.2.1, you need to configure the FortiGuard Services settings. This involves specifying the update servers that FortiClient should connect to for retrieving the antivirus updates.

  2. Enabling push updates on FortiManager: FortiManager is the centralized management platform for your Fortinet devices. In FortiManager 7.2.2, you need to enable push updates. This allows FortiManager to distribute the antivirus updates to the servers.

By following these steps, you can establish a mechanism where the FortiManager, acting as an intermediary, pushes the antivirus updates to the servers. The servers themselves don't need direct access to the Internet.

New Contributor II


We had already done this on forticlient and fortimanager. Here are the following screenshots:

Annotation 2023-07-17 095308.png

For FortiClient, we put the IP address of the fortimanager with the port 9443.




Annotation 2023-07-17 095321.png

For FortiManager, we have enabled push update and set the FortiEMS IP address to port 9443.


This is correct?


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors