Handling connection attempts from unregistered devices

FortiGuard Services : Configuring devices to use the built-in FDS : Handling connection attempts from unregistered devices

The built-in FDS replies to FortiGuard update and query connections from devices registered with the device manager’s device list. If the FortiManager is configured to allow connections from unregistered devices, unregistered devices can also connect.

For example, you might choose to manage a FortiGate unit’s firmware and configuration locally (from its Web‑based Manager), but use the FortiManager system when the FortiGate unit requests FortiGuard Antivirus (AV) and Intrusion Protection (IPS) updates. In this case, the FortiManager system considers the FortiGate unit to be an unregistered device, and must decide how to handle the connection attempt. The FortiManager system will handle the connection attempt based on how it is configured. Connection attempt handling is only configurable via the CLI

To configure connection attempt handling:

1. Go to the CLI console widget in the System Settings tab. For information on widget settings, see “Customizing the dashboard”.

2. Click inside the console to connect.

3. Enter the following CLI command to allow unregistered devices to be registered:

config fmsystem admin setting

set allow_register enable

end

4. To configure the system to add unregistered devices and allow service requests, enter the following CLI commands:

config fmsystem admin setting

set unreg_dev_opt add_allow_service

end

5. To configure the system to add unregistered devices but deny service requests, enter the following CLI commands:

config fmsystem admin setting

set unreg_dev_opt add_no_service

end

For more information, see the FortiManager CLI Reference.