Scheduled updates through a proxy server, Scheduled updates – Fortinet FortiGate 100 User Manual
Page 100
100
Fortinet Inc.
Scheduled updates through a proxy server
Virus and attack definitions updates and registration
5
Set Port to the External Service Port added to the virtual IP.
For the example topology, enter 45001.
6
Select Apply.
The FortiGate unit sends the override push IP address and Port to the FDN. The FDN
will now use this IP address and port for push updates to the FortiGate unit on the
internal network.
If the External IP Address or External Service Port change, add the changes to the
Use override push configuration and select Apply to update the push information on
the FDN.
Figure 4: Example push update configuration
7
Select Apply.
8
You can select Refresh to make sure that push updates work.
Push Update should change to Available.
Scheduled updates through a proxy server
If your FortiGate unit must connect to the Internet through a proxy server, you can use
the
set system autoupdate tunneling
command to allow the FortiGate unit to
connect (or tunnel) to the FDN using the proxy server. Using the command you can
specify the IP address and port of the proxy server. As well, if the proxy server
requires authentication, you can add the user name and password required for the
proxy server to the autoupdate configuration. The full syntax for enabling updates
through a proxy server is:
set system autouopdate tunneling enable [address
[password
For example, if the IP address of the proxy server is 64.23.6.89 and its port is 8080,
enter the following command:
set system autouopdate tunneling enable address 64.23.6.89
port 8080
For more information about the
set system autoupdate
command, see Volume 6,
FortiGate CLI Reference Guide.
The FortiGate unit connects to the proxy server using the HTTP CONNECT method,
as described in RFC 2616. The FortiGate unit sends an HTTP CONNECT request to
the proxy server (optionally with authentication information) specifying the IP address
and port required to connect to the FDN. The proxy server establishes the connection
to the FDN and passes information between the FortiGate unit and the FDN.
The CONNECT method is used mostly for tunneling SSL traffic. Some proxy servers
won't allow the CONNECT to connect to just any port; they restrict the allowed ports to
the well known ports for HTTPS and perhaps some other similar services. Because
FortiGate autoupdates use HTTPS on port 8890 to connect to the FDN, your proxy
server may have to be configured to allow connections on this port.