Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ALoop
New Contributor

Cannot set interface IP for FortiGuard/WebFiltering

Following this documentation for FortiManager:

https://docs.fortinet.com/document/fortimanager/7.0.5/administration-guide/578841

 

It states:

Specifying the IP address is optional. If you do not change the default IP address (0.0.0.0), the interface IP address is used.

 

When I enabled FortiGuard and WebFiltering, it shows  0.0.0.0/0.0.0.0. Then I click "OK" and a loading icon spins on "OK" and no changes are made. In the information icon it says the IP 'should' be different than the interface IP, but this documentation also says I can set the default 0.0.0.0 to use the interface IP but it won't save the config. If I use a different IP it saves instantly. Any help is greatly appreciated, than

8 REPLIES 8
Christian_89
Contributor III

It seems that you are experiencing an issue when configuring FortiGuard and WebFiltering settings on your FortiGate unit. The behavior you described, where the configuration does not save when using the default IP address (0.0.0.0), suggests a possible configuration limitation or a bug in the FortiGate firmware.

In the documentation you mentioned, it states that specifying the IP address is optional, and if you leave it as 0.0.0.0, the interface IP address should be used. However, if the configuration does not save when using the default IP address, you should consider using a different IP address to ensure that the configuration is applied correctly.

To resolve the issue, I would recommend the following steps:

1. Use a different IP address for the FortiGuard and WebFiltering settings. Choose an IP address that is within the correct range and is not already assigned to another interface or device.

2. Save the configuration after entering the new IP address. Ensure that the configuration saves successfully without any errors or warnings.

3. After saving the configuration, verify that the new IP address is applied correctly by checking the configuration settings or running relevant commands to display the FortiGuard and WebFiltering configuration.

If you continue to experience issues or if the problem persists even after using a different IP address, I would recommend reaching out to Fortinet support for further assistance. They can provide specific guidance and troubleshooting steps based on your FortiGate model and firmware version.

ALoop

While I can do that, I'd like to set it to 0.0.0.0 and use the interface IP like the documentation says I can.

 

This is on FortiManager v7.0.5-build0365 221013 (GA).

Toshi_Esumi
Esteemed Contributor III

I think it's because setting the interface address explicitly to its service access address wouldn't change anything how it operates, and it would change it back to the default setting.
It's meaningful only when you need to change the source IP from the outgoing interface address IP.

 

Toshi

ALoop

What's happening is the interface's IP address is for example 10.10.15.10

 

If I click the checkbox for FortiGuard Updates, and Web Filtering it shows 0.0.0.0/0.0.0.0.

If I click "OK" it just spins with a loading circle icon on "OK" and nothing gets saved. I can hit "cancel" but then I don't have what I want enabled.

If I try again and enabled FortiGuard and WebFiltering and this time enter 10.10.15.10 for both it spins and nothing gets changed. I have to click cancel.

 

If I configure 2 new IPs and set FortiGuard to 10.10.15.11 and Web Filtering to 10.10.15.12, it saves instantly and works. However, I don't want to use 2 different IPs, I want to use the same IP as the interface like it suggests I can do by leaving the config enabled and on 0.0.0.0/0.0.0.0.

Toshi_Esumi
Esteemed Contributor III

As you say in that particular area, 0.0.0.0/0.0.0.0 is equal to 10.10.15.10. Just leave it 0.0.0.0/0.0.0.0 if you don't want to change from the interface IP.

 

Toshi

ALoop

I can't leave it as 0.0.0.0/0.0.0.0.

 

When I click "OK" it spins and nothing changes, that's the issue :\

Toshi_Esumi
Esteemed Contributor III

It doesn't happen to our 7.0.7 FMG-VM.

srajeswaran
Staff
Staff

Using a different IP address using "bind to IP Address" option is only required if you would like to use TCP/443 for the Fortiguard updates between your Fortigates and FortiManager.

If you don't specify any IP address and leave it as "0.0.0.0/0.0.0.0"(default value) the interface IP will be used.

FortiManager will accept port 8890 for package updates and port 53/8888 for web filtering.

 

Changing/Specifying the IP is required only if you need to force TCP/443, if not, please leave it as default.

 

https://docs.fortinet.com/document/fortimanager/6.2.2/new-features/899796/fortimanager-supports-secu...

https://community.fortinet.com/t5/FortiManager/Technical-Tip-FortiGate-configuration-for-using-Forti...

 

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Labels
Top Kudoed Authors