FortiGuard Management : Advanced settings
 
Advanced settings
The advanced settings provides a central location for configuring and enabling your FortiManager system’s built-in FDS as an FDN override server.
By default, this option is disabled and devices contact FDN directly. After enabling and configuring FortiGuard, and configuring your devices to use the FortiManager system as their FortiGuard server, you can view overall and per device statistics on FortiGuard service benefits. FortiGuard Management has three supported configuration options:
Antivirus and IPS Update Service for FortiGate
Antivirus and email filter update Service for FortiMail
Vulnerability Scan and Management Support for FortiAnalyzer
Figure 291: FortiGuard Center advanced settings
Configure the following settings:
Disable Communication with FortiGuard Servers
Disable communication with the FortiGuard servers.
Enable Antivirus and IPS Service
Select to enable antivirus and intrusion protection service.
 
FortiGuard Connection Status
The status of the current connection between the FDN and the FortiManager system.
Disconnected: A red down arrow appears when the FDN connection fails.
Connected: A green up arrow appears when the initial FDN connection succeeds, but a synchronization connection has not yet occurred.
Out of Sync: A gray X appears when the initial FDN connection succeeds, but the built-in FDS is disabled.
Synchronized: A green checkmark appears when the built-in FDS is enabled, and the FDN packages download successfully.
 
Enable Antivirus and IPS Update Service for FortiGate
Select the OS versions from the table for updating antivirus and intrusion protection for FortiGate.
You can select to download updates for FortiOS versions 5.0, 4.0, and 3.0.
 
Enable Antivirus and Email Filter Update Service for FortiMail
Select the OS versions from the table for updating antivirus and email filter for FortiMail.
You can select to download updates for FortiMail OS versions 4.0 and 3.0.
 
Enable Vulnerability Scan and Management Support for FortiAnalyzer
Select the OS versions from the table for supporting Vulnerability Scan and Management Support for FortiAnalyzer.
You can select to download updates for FortiAnalyzer OS versions 5.0 and 4.0.
Enable Web Filter and Services
Select to enable web filter services.
 
FortiGuard Web Filter and Email Filter Connection Status
The status of the current connection between the FDN and the FortiManager system. See FortiGuard Connection Status for more information.
Enable Email Filter Services
Select to enable email filter services.
 
FortiGuard Web Filter and Email Filter Connection Status
The status of the current connection between the FDN and the FortiManager system. See FortiGuard Connection Status for more information.
Server Override Mode
Select Strict (Access Override Server Only) or Loose (Allow Access Other Servers) override mode.
FortiGuard Antivirus and IPS Settings
 
FortiGuard Distribution Network (FDN)
Select the required settings from the following options:
Use Override Service Address for FortiGate/FortiMail: enter an IP address and port number. Select the plus (+) icon to add multiple override server addresses (maximum = 10).
Allow Push Update: enter an IP address and port if selected
Use Web Proxy: enter an IP address, port, user name, and password is selected
Schedule Regular Updates: enter the update frequency from the drop-down lists if selected.
Click Update to apply the changes.
 
Advanced
Select whether or not Update Entries from FDS Server and Update Histories for Each FortiGate are logged.
FortiGuard Web Filter and Email Filter Settings
 
Connection to FDS Server(s)
Select the required settings from the following options:
Use Override Server Address for FortiClient: enter an IP address and port number. Select the plus (+) icon to add multiple override server addresses (maximum = 10).
Use Override Server Address for FortiGate/FortiMail: enter an IP address and port number. Select the plus (+) icon to add multiple override server addresses (maximum = 10).
Use Web Proxy: Enter an IP address, port, user name, and password if selected.
Polling Frequency: Enter the polling frequency from the drop-down lists.
Click Update to apply the changes.
 
Log Settings
Select the required settings from the following options:
Log FortiGuard Server Update Events: enable or disable
FortiGuard Web Filtering: Choose from Log URL disabled, Log non-url events, Log all URL lookups.
FortiGuard Anti-spam: Choose from Log Spam disabled, Log non-spam events, Log all Spam lookups.
FortiGuard Anti-virus Query: Choose from Log Virus disabled, Log non-virus events, Log all Virus lookups.
Override FortiGuard Server (Local FortiManager)
 
Additional Number of Private FortiGuard Servers
Select the plus (+) icon on the right side of the column to add additional private servers. Enter the IP address and selected the time zone of the private server to be added.
 
Enable Antivirus and IPS Update Service for Private Server
Select to enable antivirus and IPS update service for private servers.
 
Enable Web Filter and Email Filter Update Service for Private Server
Select to enable web filter and email filter update service for private servers.
 
Allow FortiGates to Access Public FortiGuard Servers when Private Servers are Unavailable
Select to allow FortiGates to access public FortiGuard servers when private serves are unavailable.
When selecting to disable communication with FortiGuard servers, you must manually upload packages for FortiGate, FortiMail, and FortiClient.
Figure 292: FortiGuard Center advanced settings (FortiGuard server communication disabled)
The following options are available:
Disable Communication with FortiGuard Servers
Select to disable communication with the FortiGuard servers. When this option is selected, you must manually upload packages for FortiGate, FortiMail, and FortiClient.
Enable Antivirus and IPS Service
Select to enable antivirus and intrusion protection service.
Enable Web Filter Services
Select to enable web filter services. The Web Filter database is displayed.
Enable Email Filter Services
Select to enable email filter services. The Email Filter database is displayed.
Upload Options for FortiGate/FortiMail
 
AntiVirus/IPS Packages
Select to upload the FortiGate/FortiMail antivirus and IPS packages. Browse for the file you downloaded from the Customer Service & Support portal on your management computer. Select OK to upload the package to FortiManager.
 
Web Filter Database
Select to upload the web filter database. Browse for the file you downloaded from the Customer Service & Support portal on your management computer. Select OK to upload the package to FortiManager.
 
Email Filter Database
Select to upload the email filter database. Browse for the file you downloaded from the Customer Service & Support portal on your management computer. Select OK to upload the package to FortiManager.
 
Service License
Select to import the FortiGate license. Browse for the file on your management computer. Select OK to upload the package to FortiManager.
Upload Options for FortiClient
 
AntiVirus/IPS Packages
Select to upload the FortiClient AntiVirus/IPS packages. Browse for the file you downloaded from the Customer Service & Support portal on your management computer. Select OK to upload the package to FortiManager.
 
Service License
Select to import the FortiClient license. Browse for the file on your management computer. Select OK to upload the package to FortiManager.