Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Vanessa6
New Contributor

Package Management - Service Status -> Never updated

Hi guys,

 

we have a problem using FortiManager to manage a FortiGate60D (Fortimanager and Fortigate both running 5.2.0, Fortimanager is virtual and with a testing license).

Under Fortiguard -> Package Management -> Service Status the FGT60D is listed but with status "Never Updated".

Other synchronisation like config and policy work properly.

Under "Licensing Status" the device is listed with valid license for each point.

 

On the Fortigate license information page web filtering is declared as unreachable.

 

Unfortunately, we don't have any experience with FortiManager so far. Therefore another short question: Is it necessary to configure the FortiGate to use Fortimanager to get AV, IPS and Webfilter updates or is this done with installing the device on FortiManager?

 

Thanks a lot in advance.

 

Vanessa

 

6 REPLIES 6
Dave_Hall
Honored Contributor

Not that familiar with the 5.2 codebase, but as far as I am aware the Fortigate should be able to fetch AV/IPS updates directly from the FortiGuard servers, providing it can use DNS to resolve their FQDNs into IP addresses.  The Fortigate will also need a valid FortiGuard subscription -- you can check the License Information widget on the the dashboard for this. 

 

If the Fortiate can not reach the FortiGuard servers, confirm it has valid DNS settings and that the default port 53 (alternate port 8888) are not blocked.  There are several forums posts on how to troubleshoot FortiGuard related issues, such as this thread or official Fortient documentation.

 

You can choose to use the FortiManager for FortiGuard updates, providing you have previously configured it to fetch these updates itself.  (See attached pic.)

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Vanessa6
New Contributor

Thank you, Dave.

Unfortunately there is not the possibility to use FortiManager for FortiGuard Updates (see screenshot). Seems this is removed in FortiOs 5.2

Our customer wants to use the Fortiguard updates from Fortimanager. But I can't find where to configure this; neither in the webfrontend nor on CLI.

Any ideas?

 

scao_FTNT
Staff
Staff

Hi, for 5.2 FOS, pls try below CLI config

 

v8 # conf system central-management v8 (central-management) # conf server-list    FortiGuard override server list. v8 (central-management) # conf server-list v8 (server-list) # edit 1 new entry '1' added v8 (1) # set *server-type       FortiGuard service type. *server-address    IP address of override server. v8 (1) # set server-type update    AV, IPS, and AV-query update server. rating    Web filter and anti-spam rating server. Thanks Simon

Vanessa6
New Contributor

Thank you, Simon.

Setup is working fine with this configuration.

 

Btw, there's a mistake in the FortiOS CLI reference about that. The descriptions for the two different server types are interchanged

ede_pfau
Esteemed Contributor III

Would you be so nice to report the error to the Doc team? They can be reached via techdoc@fortinet.com. I can assure you that these people do care and take action soon.

To help them you could cite the exact document (2nd page) and the page on which the error is found (pg. 476 in this case).

Thanks.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Vanessa6
New Contributor

No problem. Email sent to the doc team :)