av-ips
Use the following commands to configure antivirus and IPS related settings.
av-ips advanced-log
Use this command to enable logging of FortiGuard antivirus and IPS update packages received by the FortiManager unit’s built-in FDS from the external FDS.
Syntax
config fmupdate av-ips advanced-log
set log-fortigate {enable | disable}
set log-server {enable | disable}
end
|
Variable |
Description |
|---|---|
|
log-fortigate {enable | disable} |
Enable/disable logging of FortiGuard antivirus and IPS service updates of FortiGate devices. Default: |
|
log-server {enable | disable} |
Enable/disable logging of update packages received by the built-in FDS server. Default: |
Example
You could enable logging of FortiGuard antivirus updates to FortiClient installations and update packages downloaded by the built-in FDS from the FDS.
config fmupdate av-ips advanced-log
set log-forticlient enable
set log-server enable
end
av-ips fct server-override
Use this command to override the default IPv4 or IPv6 address and port that the built-in FDS contacts when requesting FortiGuard antivirus updates for FortiClient from the FDS.
Syntax
config fmupdate av-ips fct server-override
set status {enable | disable}
config servlist
edit <id>
set ip <ipv4_address>
set ip6 <ipv6_address>
set port <integer>
end
end
|
Variable |
Description |
|---|---|
|
status {enable | disable} |
Enable/disable the override.
Default: |
|
Variables for |
|
|
<id> |
Override server ID (1-10). |
|
ip <ipv4_address> |
Enter the IPv4 address of the override server. Default: |
|
ip6 <ipv6_address> |
Enter the IPv6 address of the override server. |
|
port <integer> |
Enter the port number to use when contacting the FDS. Default: |
Example
You could configure the FortiManager unit’s built-in FDS to use a specific FDN server and a different port when retrieving FortiGuard antivirus updates for FortiClient from the FDS.
config fmupdate av-ips fct server-override
set status enable
config servlist
edit 1
set ip 192.168.25.152
set port 80
end
end
av-ips fgt server-override
Use this command to override the default IPv4 or IPv6 address and port that the built-in FDS contacts when requesting FortiGuard antivirus and IPS updates for FortiGate units from the FDS.
Syntax
config fmupdate av-ips fgt server-override
set status {enable | disable}
config servlist
edit <id>
set ip <ipv4_address>
set ip6 <ipv6_address>
set port <integer>
end
end
|
Variable |
Description |
|---|---|
|
status {enable | disable} |
Enable/disable the override.
Default: |
|
Variable for |
|
|
<id> |
Override server ID (1-10). |
|
ip <ipv4_address> |
Enter the IPv4 address of the override server. Default: |
|
ip6 <ipv6_address> |
Enter the IPv6 address of the override server. |
|
port <integer> |
Enter the port number to use when contacting the FDS. Default: |
Example
You could configure the FortiManager unit’s built-in FDS to use a specific FDS server and a different port when retrieving FortiGuard antivirus and IPS updates for FortiGate units from the FDS.
config fmupdate av-ips fgt server-override
set status enable
config servlist
edit 1
set ip 172.27.152.144
set port 8890
end
end
av-ips update-schedule
Use this command to configure the built-in FDS to retrieve FortiGuard antivirus and IPS updates at a specified day and time.
Syntax
config fmupdate av-ips update-schedule
set day {Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday}
set frequency {every | daily | weekly}
set status {enable | disable}
set time <hh:mm>
end
|
Variable |
Description |
|---|---|
|
day {Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday} |
Enter the day of the week when the update will begin. This option only appears when the |
|
frequency {every | daily | weekly} |
Enter to configure the frequency of the updates. The following options are available:
|
|
status {enable | disable} |
Enable/disable regularly scheduled updates. Default: |
|
time <hh:mm> |
Enter to configure the time or interval when the update will begin. For example, if you want to schedule an update every day at 6:00 PM, enter The time period format is the 24-hour clock: hh=0-23, mm=0-59. If the minute is If the Default: |
Example
You could schedule the built-in FDS to request the latest FortiGuard antivirus and IPS updates every five hours, at a random minute within the hour.
config fmupdate av-ips udpate-schedule
set status enable
set frequency every
set time 05:60
end
av-ips web-proxy
Use this command to configure a web proxy if FortiGuard antivirus and IPS updates must be retrieved through a web proxy.
Syntax
config fmupdate av-ips web-proxy
set ip <ipv4_address>
set ip6 <ipv6_address>
set mode {proxy | tunnel}
set password <passwd>
set port <integer>
set status {enable | disable}
set username <string>
end
|
Variable |
Description |
|---|---|
|
ip <ipv4_address> |
Enter the IPv4 address of the web proxy. Default: |
|
ip6 <ipv6_address> |
Enter the IPv6 address of the web proxy. |
|
mode {proxy | tunnel} |
Enter the web proxy mode. The following options are available:
|
|
password <passwd> |
If the web proxy requires authentication, enter the password for the user name. Character limit: 63 |
|
port <integer> |
Enter the port number of the web proxy. Default: |
|
status {enable | disable} |
Enable/disable connections through the web proxy. Default: |
|
username <string> |
If the web proxy requires authentication, enter the user name. Character limit: 63 |
Example
You could enable a connection through a non-transparent web proxy on an alternate port.
config fmupdate av-ips web-proxy
set status enable
set mode proxy
set ip 10.10.30.1
set port 8890
set username avipsupdater
set password cvhk3rf3u9jvsYU
end
