Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Zyndarius
New Contributor

Created on ‎02-26-2013 08:41 AM

how many times a day does fg update web filter module?

greetings I have this doubt, just how many times a day does a fg unit check with service.fortiguard.net the ratings an al that stuff of the web filter? thank you in advance for any answers.
5323
0 Kudos
4 REPLIES 4
Dave_Hall
Honored Contributor

Created on ‎02-26-2013 09:48 AM

Hi Javier. Going to assume your fgt is on 4.0MR3 and have UTM/web filtering enabled somewhere in a firewall policy. The Fortigate will contact the FortiGuard service whenever there is a URL query that is not contained in the webfilter cache, assuming this cache is enabled and the unit has valid FortiGuard subscription. You can confirm/change these settings from System->Config->FortiGuard. (see attachment.) If you are experiencing issues with the FortiGuard service or content filtering not working, you can use the " get webfilter ?" command to troubleshoot the problem. The fgt device does need a valid working DNS to be able to connect/access the FortiGuard servers though. See also Fortinet KB FD30088 for more troubleshooting steps.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
73 KB
2169
0 Kudos
Zyndarius
New Contributor

Created on ‎02-26-2013 10:56 AM

Oh, I beg your pardon. Yes, the fortigate unit is with fortiOS v4 mr3 patch11, it is a fg620b with working and valid licenses. web filter cache is enabled with ttl of 3600. These are seconds right? So, if I do understand right, every 3600 seconds the webfilter cache expires and therefore the fg620b contacts services.fortiguard.net to renew this cache with all the ratings and categorizations right?
2169
0 Kudos
Dave_Hall
Honored Contributor

Created on ‎02-26-2013 11:17 AM

I think the TTL for each individual entry in the cache. As items " expiry" they are " removed" from the cache. Here is an example of what the cache looks like...
# get webfilter ftgd-statistics Rating Statistics: ===================== DNS failures : 21861 DNS lookups : 21862 Data send failures : 0 Data read failures : 0 Wrong package type : 0 Hash table miss : 0 Unknown server : 0 Incorrect CRC : 0 Proxy request failures : 0 Request timeout : 25844 Total requests : 1747368 Requests to FortiGuard servers : 431816 Server errored responses : 0 Relayed rating : 0 Invalid profile : 0 Allowed : 1545078 Blocked : 0 Logged : 89598 Errors : 22001 Cache Statistics: ===================== Maximum memory : 10504518 Memory usage : 10501291 Nodes : 71940 Leaves : 48889 Prefix nodes : 2410 Exact nodes : 46480 Requests : 1632583 Misses : 431816 Hits : 1200767 Prefix hits : 1101873 Exact hits : 98894 No cache directives : 0 Add after prefix : 1019004 Invalid DB put : 0 DB updates : 5266 Percent full : 100% Branches : 32% Leaves : 68% Prefix nodes : 5% Exact nodes : 95% Miss rate : 26% Hit rate : 74% Prefix hits : 92% Exact hits : 8% #

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
2169
0 Kudos
Zyndarius
New Contributor

Created on ‎02-28-2013 07:41 AM

Ok, thank you very much. By the way, is it possible to know how much time does the fortigate unit take to update with service.fortiguard.net?
2170
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.