Chapter 2 Getting Started : Basic Administration : FortiGuard : Verifying your Connection to FortiGuard : Port assignment
  
Port assignment
FortiGate units contact the FortiGuard Distribution Network (FDN) for the latest list of FDN servers by sending UDP packets with typical source ports of 1027 or 1031, and destination ports of 53 or 8888. The FDN reply packets have a destination port of 1027 or 1031.
If your ISP blocks UDP packets in this port range, the FortiGate unit cannot receive the FDN reply packets. As a result, the FortiGate unit will not receive the complete FDN server list.
If your ISP blocks the lower range of UDP ports (around 1024), you can configure your FortiGate unit to use higher-numbered ports, using the CLI command…
config system global
set ip-src-port-range <start port>-<end port>
end
…where the <start port> and <end port> are numbers ranging of 1024 to 25000.
For example, you could configure the FortiGate unit to not use ports lower than 2048 or ports higher than the following range:
config system global
set ip-src-port-range 2048-20000
end
Trial and error may be required to select the best source port range. You can also contact your ISP to determine the best range to use. Push updates might be unavailable if:
there is a NAT device installed between the unit and the FDN
your unit connects to the Internet using a proxy server.
See Also
Web-based manager verification
Verification - CLI
FortiGuard Services
Antivirus and IPS
Web filtering
Email filtering
Online Security Tools
FortiCloud
FortiCloud is a hosted security management and log retention service for FortiGate products. It gives you a centralized reporting, traffic analysis, configuration and log retention without the need for additional hardware and software.
See Also
Configuring Antivirus and IPS Options
Manual updates
Automatic updates
Support Contract and FortiGuard Subscription Services
FortiGuard Analysis Service Options
FortiGuard Services
Web filtering
Email filtering
Online Security Tools
FortiCloud