Configuring FortiGuard Updates and AntiSPAM Queries

Configuring scheduled updates

You can configure the FortiMail unit to periodically request updates from the FDN or override servers for the FortiGuard Antivirus engine, antivirus definitions, and heuristic antispam rules (antispam definitions).

You can use push updates or manually initiate updates as alternatives or in conjunction with scheduled updates. If protection from the latest viral threats is a high priority, you could configure both scheduled updates and push updates, using scheduled updates as a failover method to increase the likelihood that the FortiMail unit always retrieves periodic updates if connectivity is interrupted during a push notification. While using only scheduled updates could potentially leave your network vulnerable to a new virus, it minimizes short disruptions to antivirus scans that can occur if the FortiMail unit applies push updates during peak volume times. For additional/alternative update methods, see “Configuring push updates” on page 241 and “Manually requesting updates” on page 243.

For example, you might schedule updates every night at 2 AM or weekly on Sunday, when email traffic volume is light.

Before configuring scheduled updates, first verify that the FortiMail unit can connect to the FDN or override server. For details, see “Verifying connectivity with FortiGuard services” on page 237.

To configure scheduled updates

  1. Go to Maintenance > FortiGuard > Update.

Figure 100:FortiGuard Update Options

  1. Under FortiGuard Update Options, enable Scheduled update.
  2. Select one of the following:
GUI item Description
Every Select to request updates once per interval, then configure the number of hours and minutes between each request.
Daily Select to request updates once a day, then configure the time of day.
Weekly Select to request updates once a week, then configure the day of the week and the time of day.

Updating FortiGuard Antivirus definitions can cause a short disruption in traffic currently being scanned while the FortiMail unit applies the new signature database. To minimize disruptions, update when traffic is light, such as during the night.

  1. Click Apply.

The FortiMail unit starts the next scheduled update according to the configured update schedule. If you have enabled logging, when the FortiMail unit requests a scheduled update, the event is recorded in the event log. For details, see “Logs, reports and alerts” on page 665.

Configuring push updates

You can configure the FortiMail unit to receive push updates from the FDN or override server.

When push updates are configured, the FortiMail unit first notifies the FDN of its IP address, or the IP address and port number override. (If your FortiMail unit’s IP address changes, including if it is configured with DHCP, the FortiMail unit automatically notifies the FDN of the new IP address.) As soon as new FortiGuard Antivirus and FortiGuard Antispam packages become available, the FDN sends an update availability notification to that IP address and port number. Within 60 seconds, the FortiMail unit then requests the package update as if it was a scheduled or manually initiated update.

You can use scheduled updates or manually initiate updates as alternatives or in conjunction with push updates. If protection from the latest viral threats is a high priority, you could configure both scheduled updates and push updates, using scheduled updates as a failover method to increase the likelihood that the FortiMail unit will still periodically retrieve updates if connectivity is interrupted during a push notification. Using push updates, however, can potentially cause short disruptions to antivirus scans that can occur if the FortiMail unit applies push updates during peak volume times. For additional/alternative update methods, see “Configuring scheduled updates” on page 240 and “Manually requesting updates” on page 243.

Before configuring push updates, first verify that the FortiMail unit can connect to the FDN or override server. For details, see “Verifying connectivity with FortiGuard services” on page 237.

To configure push updates

  1. Go to Maintenance > FortiGuard > Update.

Figure 101:FortiGuard Update Options

  1. Under FortiGuard Update Options, enable Allow push update.
  2. If the FortiMail unit is behind a firewall or router performing NAT, enable Use override push IP and enter the external IP address and port number of the NAT device.

You must also configure the NAT device with port forwarding or a virtual IP to forward push notifications (UDP port 9443) to the FortiMail unit. For example, if the FortiMail unit is behind a FortiGate unit, configure the FortiGate unit with a virtual IP that forwards push notifications from its external network interface to the private network IP address of the FortiMail unit. Then, on the FortiMail unit, configure Use override push IP with the IP address and port number of that virtual IP. For details on configuring virtual IPs and/or port forwarding, see the documentation for the NAT device.

Push updates require that the external IP address of the NAT device is not dynamic (such as an IP address automatically configured using DHCP). If dynamic, when the IP address changes, the override push IP will become out-of-date, causing subsequent push updates to fail.

If you do not enable Use override push IP, the FDN will send push notifications to the IP address of the FortiMail unit, which must be a public network IP address routable from the Internet.

  1. Click Apply.

The FortiMail unit notifies the FDN of its IP address or, if configured, the override push IP. When an update is available, the FDN will send push notifications to this IP address and port number.

  1. Click Refresh in the FortiGuard Service Status

A dialog appears, notifying you that the process could take a few minutes.

  1. Click OK.

The FDN tests the connection to the FortiMail unit. Time required varies by the speed of the FortiMail unit’s network connection, and the number of timeouts that occur before the connection attempt is successful or the FortiMail unit determines that it cannot connect.

When the connection test completes, the page refreshes. Test results appear in the Push update field.

  • Available: The FDN successfully connected to the FortiMail unit.
  • Unavailable: The FDN could not connect to the FortiMail unit, and cannot send push notifications to it. Verify that intermediary firewalls and routers do not block push notification traffic (UDP port 9443). If the FortiMail unit is behind a NAT device, verify that you have enabled and configured Use override push IP, and that the NAT device is configured to forward push notifications to the FortiMail unit.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in Administration Guides, FortiMail and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.