Example: push updates through a nat device, Internet, Fortigate-50a internal network – Fortinet FortiGate 50A User Manual

80

Fortinet Inc.

Enabling push updates

Virus and attack definitions updates and registration

Example: push updates through a NAT device

This example describes how to configure a FortiGate NAT device to forward push
updates to a FortiGate unit installed on its internal network. For the FortiGate unit on
the internal network to receive push updates, the FortiGate NAT device must be
configured with a port forwarding virtual IP. This virtual IP maps the IP address of the
external interface of the FortiGate NAT device and a custom port to the IP address of
the FortiGate unit on the internal network. This IP address can either be the external
IP address of the FortiGate unit if it is operating in NAT/Route mode, or the
Management IP address of the FortiGate unit if it is operating in Transparent mode.

Figure 2: Example network topology: Push updates through a NAT device

Note: You cannot receive push updates through a NAT device if the external IP address of the
NAT device is dynamic (for example, set using PPPoE or DHCP).

Note: This example describes the configuration for a FortiGate NAT device. However, you can
use any NAT device with a static external IP address that can be configured for port forwarding.

Internet

Virtual IP Maps

64.230.123.149:45001

to

192.168.1.99:9443

External IP
64.230.123.149

FortiResponse
Distribution
Network (FDN)

FortiGate-50A

Internal Network

Esc

Enter

External IP or
Management IP
192.168.1.99

FortiGate-300

NAT Device

Push Update to
IP address 64.230.123.149
and port 45001

INTERNAL

EXTERNAL

LINK 100

LINK 100

PWR

STATUS

A