Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AlexFeren
New Contributor III

Clarification of FortiManager's "Server Override Mode"

Administration Guide says "Server Override Mode Select Strict (Access Override Server Only) or Loose (Allow Access Other Servers) override mode. " and CLI documentation for "config fmupdate server-override-status" isn't much more helpful.

 

Clarification of what this does, would be much appreciated.

1 Solution
scao_FTNT

yes, it is for below example CLI, you can also config from GUI

 

config fmupdate av-ips fgt server-override         config servlist             edit 1                 set ip 10.2.2.2             next         end     set status enable end config fmupdate web-spam fgt server-override         config servlist             edit 1                 set ip 10.2.1.1             next         end     set status enable end

 

Thanks

 

Simon

View solution in original post

3 REPLIES 3
scao_FTNT
Staff
Staff

for Strict mode, FMG will only connect to the override server IP you configured, and even it fails, FMG will NOT try to connect public FDS server list

 

for Loose mode, FMG will still connect to public FDS if failed to connect to override server

 

Thanks

 

Simon

AlexFeren
New Contributor III

Simon, thanks.. Your response is only in reference to override servers configured using "config fmupdate av-ips fgt server-override" and "config fmupdate web-spam fgt server-override"?

scao_FTNT

yes, it is for below example CLI, you can also config from GUI

 

config fmupdate av-ips fgt server-override         config servlist             edit 1                 set ip 10.2.2.2             next         end     set status enable end config fmupdate web-spam fgt server-override         config servlist             edit 1                 set ip 10.2.1.1             next         end     set status enable end

 

Thanks

 

Simon