# config fmupdate service
set avips enable
end
# config fmupdate server-override-status
set mode strict
end
# config fmupdate av-ips web-proxy
set address "1.2.3.4"
set port 8080
set status enable
set username "proxy_user"
end

Loose: Allow Access Other Servers (if the public FortiGuard servers cannot be reached via the proxy, FortiManager will try to use the default gateway, if available).
Strict: Access Override Server Only (FortiManager uses only the web proxy to reach the public FortiGuard servers).
The customer upgrades to 6.2 or above. The configuration does not change.
Issue.
Immediately after the upgrade, FortiManager is no longer able to reach the public FortiGuard servers via the web proxy and cannot download new packages/DBs.
Explanation.
The FortiManager FortiGuard feature, in particular the 'server override' part, was improved between 6.0 and 6.2. Now, when 'Server Override Mode' is set to Strict, it is mandatory to explicitly configure the server-override server IP; otherwise FortiManager will not know which FDS server to connect to.
Solution.
1) Set 'Server Override Mode' to Loose, which does not require an explicit server-override configuration; FortiManager will then be able to use the proxy configuration even if there is no default-gateway access to the Internet.
The web proxy is responsible for resolving the FDN URLs and reaching them.
2) Keep 'Server Override Mode' set to Strict and explicitly configure the FDN public IP server list in server-override.
# config fmupdate fds-setting
# config server-override
set status enable
# config servlist
edit 1
set ip 4.5.6.7
next
end
end
end
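
A pre-upgrade check for the condition described above, as an added example that is not part of the original article or any Fortinet tooling: it parses a FortiManager CLI configuration dump and reports whether 'Server Override Mode' is Strict while no enabled server-override server list exists. The function names and sample configurations are constructed for illustration, and the parser assumes the config/edit/set/next/end layout shown in this article.

```python
# Added example (not Fortinet code): flag strict override mode with no servers.
SO = ("fmupdate fds-setting", "server-override")

def parse_blocks(text):
    """Map each nested config/edit path to its 'set' key/value pairs."""
    blocks, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()   # tolerate a leading CLI prompt '#'
        word, _, rest = line.partition(" ")
        if word == "config":
            stack.append(rest.strip())
        elif word == "edit":
            stack.append("edit " + rest.strip())
        elif word in ("next", "end") and stack:
            stack.pop()
        elif word == "set":
            key, _, value = rest.strip().partition(" ")
            blocks.setdefault(tuple(stack), {})[key] = value.strip().strip('"')
    return blocks

def override_servers(blocks):
    """Return the IPs listed under fds-setting > server-override > servlist."""
    return [v["ip"] for path, v in blocks.items()
            if path[:3] == SO + ("servlist",) and "ip" in v]

def strict_mode_gap(text):
    """True when mode is strict but no enabled server-override list exists."""
    blocks = parse_blocks(text)
    # Assumption: only an explicitly configured 'strict' mode is flagged.
    strict = blocks.get(("fmupdate server-override-status",), {}).get("mode") == "strict"
    enabled = blocks.get(SO, {}).get("status") == "enable"
    return strict and not (enabled and override_servers(blocks))

# Constructed samples using the values shown in this article.
BEFORE = """config fmupdate server-override-status
set mode strict
end
"""
FIXED = BEFORE + """config fmupdate fds-setting
config server-override
set status enable
config servlist
edit 1
set ip 4.5.6.7
next
end
end
end
"""
```

Calling strict_mode_gap() on the text of a configuration backup before upgrading to 6.2 shows whether Solution 1 or 2 needs to be applied first.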