Chapter 2 – Getting Started

To enable scheduled updates – CLI

config system autoupdate schedule
    set status enable
    set frequency {every | daily | weekly}
    set time <hh:mm>
    set day <day_of_week>
end

 

Push updates

Push updates enable you to get immediate updates when new viruses or intrusions are discovered and new signatures are created. This ensures that the latest signature is sent to the FortiGate as soon as it is available.

When a push notification occurs, the FortiGuard server sends a notice to the FortiGate that there is a new signature definition file available. The FortiGate then initiates a download of the definition file, similar to the scheduled update.

To ensure maximum security for your network, configure a scheduled update and also enable push updates, so that an urgent signature still reaches the FortiGate promptly when your update cycle only runs weekly.

 

To enable push updates – GUI

1. Go to System > FortiGuard.

2. Click the Expand Arrow for AV and IPS Options.

3. Select Allow Push Update.

4. Select Apply.

To enable push updates – CLI

config system autoupdate push-update
    set status enable
end

 

Push IP override

If the FortiGate is behind another NAT device (or another FortiGate), to ensure it receives the push update notifications, you need to use an override IP address for the notifications. To do this, you create a virtual IP to map to the external port of the NAT device.

Generally speaking, if there are two FortiGate devices as in the diagram below, the following steps need to be completed on the FortiGate NAT device to ensure the FortiGate on the internal network receives the updates:

  • Add a port forwarding virtual IP to the FortiGate NAT device that connects to the Internet by going to Firewall Objects > Virtual IP.

  • Add a security policy to the FortiGate NAT device that connects to the Internet that includes the port forwarding virtual IP.
  • Configure the FortiGate on the internal network with an override push IP and port.

On the FortiGate internal device, the virtual IP is entered as the Use push override IP address.

To enable push update override – GUI

1. Go to System > FortiGuard.

2. Click the Expand Arrow for AV and IPS Options.

3. Select Allow Push Update.

4. Select Use push override IP.

5. Enter the virtual IP address configured on the NAT device.

6. Select Apply.

 

To enable push update override – CLI

config system autoupdate push-update
    set status enable
    set override enable
    set address <vip_address>
end
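The following is an added example, not Fortinet's code: a small Python check that reads the autoupdate blocks from a saved configuration and reports when the scheduled update, push update and override settings described above are missing or inconsistent. It assumes the text comes from show full-configuration, so default values appear explicitly, and that it uses the same config / set / end layout as the CLI commands on this page; the sample configuration and the function names are constructed for illustration.

```python
# Added example: audit the autoupdate settings described above in a saved config.
# Assumption: input is "show full-configuration" text in config/set/end layout.
SAMPLE_CONFIG = """\
config system autoupdate schedule
    set status enable
    set frequency weekly
    set time 01:00
    set day Sunday
end
config system autoupdate push-update
    set status disable
end
"""  # constructed sample, not taken from a real device


def parse_blocks(text):
    """Return {config path: {setting: value}} for top-level config blocks."""
    blocks, current, depth = {}, None, 0
    for words in (line.split() for line in text.splitlines() if line.strip()):
        if words[0] == "config":
            depth += 1
            if depth == 1:  # nested config blocks are tracked but not collected
                current = blocks.setdefault(" ".join(words[1:]), {})
        elif words[0] == "end":
            depth = max(depth - 1, 0)
            if depth == 0:
                current = None
        elif words[0] == "set" and depth == 1 and len(words) >= 3:
            current[words[1]] = " ".join(words[2:])
    return blocks


def audit_autoupdate(text):
    """List findings for the schedule, push-update and override settings."""
    blocks = parse_blocks(text)
    sched = blocks.get("system autoupdate schedule", {})
    push = blocks.get("system autoupdate push-update", {})
    sched_on = sched.get("status") == "enable"
    push_on = push.get("status") == "enable"
    findings = []
    if not sched_on:
        findings.append("scheduled updates are not enabled")
    if not push_on:
        findings.append("push updates are not enabled")
    if sched_on and not push_on and sched.get("frequency") == "weekly":
        findings.append("weekly schedule without push updates")
    if push.get("override") == "enable" and not push.get("address"):
        findings.append("push override enabled but no override address set")
    return findings
```

Calling audit_autoupdate(SAMPLE_CONFIG) returns two findings for the constructed sample: push updates are disabled, and the weekly schedule has no push update to cover urgent signatures.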

Configuring Web Filtering and Email Filtering Options

Go to System > FortiGuard and click the Expand Arrow to view Web Filtering and Email Filtering Options, where you set the size of the caches and the ports used.

Web Filter cache TTL

Set the Time To Live value. This is the number of seconds the FortiGate will store a blocked IP or URL locally, which saves the time and network traffic of checking the FortiGuard server. Once the TTL has expired, the FortiGate will contact an FDN server to verify a web address. The TTL must be between 300 and 86400 seconds.

Antispam cache TTL

Set the Time To Live value. This is the number of seconds the FortiGate will store a blocked IP or URL locally, which saves the time and network traffic of checking the FortiGuard server. Once the TTL has expired, the FortiGate will contact an FDN server to verify a web address. The TTL must be between 300 and 86400 seconds.

Port Section

Select the port assignments for contacting the FortiGuard servers. Select the Test Availability button to verify the connection using the selected port.

To have a URL’s category rating re-evaluated, please click here

Select to re-evaluate a URL’s category rating on the FortiGuard Web Filter service.

 

Email filtering

The FortiGuard data centers monitor and update email databases of known spam sources. With FortiGuard Antispam enabled, the FortiGate verifies incoming email sender addresses and IPs against the database, and takes the necessary action as defined within the antivirus profiles.

Spam source IP addresses can also be cached locally on the FortiGate. This provides a quicker response time and eases the load on the FortiGuard servers, which in turn aids a quicker response time for less common email address requests.

By default, the antispam cache is enabled. The cache includes a time-to-live value, which is the amount of time an email address will stay in the cache before expiring. You can shorten or extend this value to anywhere between 300 and 86400 seconds.

