beautypg.com

Fortinet FortiGate 100 User Manual

Page 98

background image

98

Fortinet Inc.

Push updates through a NAT device

Virus and attack definitions updates and registration

General procedure

Use the following steps to configure the FortiGate NAT device and the FortiGate unit
on the Internal network so that the FortiGate unit on the Internal network can receive
push updates:

1

Add a port forwarding virtual IP to the FortiGate NAT device.

2

Add a firewall policy to the FortiGate NAT device that includes the port forwarding
virtual IP.

3

Configure the FortiGate unit on the internal network with an override push IP and port.

Adding a port forwarding virtual IP to the FortiGate NAT device

Use the following procedure to configure a FortiGate NAT device to use port
forwarding to forward push update connections from the FDN to a FortiGate unit on
the internal network.

To configure the FortiGate NAT device:

1

Go to Firewall > Virtual IP.

2

Select New.

3

Add a name for the virtual IP.

4

Select the External interface that the FDN connects to.
For the example topology, select the external interface.

5

Select Port Forwarding.

6

Enter the External IP address that the FDN connects to.
For the example topology, enter 64.230.123.149.

7

Enter the External Service Port that the FDN connects to.
For the example topology, enter 45001.

8

Set Map to IP to the IP address of the FortiGate unit on the internal network.
If the FortiGate unit is operating in NAT/Route mode, enter the IP address of the
external interface.
If the FortiGate unit is operating in Transparent mode, enter the management IP
address.
For the example topology, enter 192.168.1.99.

9

Set the Map to Port to 9443.

10

Set Protocol to UDP.

11

Select OK.

Note: Before completing the following procedure you should register the FortiGate unit on the
internal network so that it can receive push updates.