FORTIGATE FIREWALL HOW TO
Now that our firewall is connected to the Internet, we can use this setup to set
the system time and verify the subscription to the FortiGuard services.
FortiGuard services keep the firewall up to date on its virus, spyware and
vulnerability signatures. Web filtering lists are also updated through FortiGuard.
It's important that you have a valid subscription to the FortiGuard services in order to
get the above-mentioned updates.
To configure system time by NTP go to the System > Status dashboard and click on
"Change" in the System Time row. Configure the firewall to be an NTP client as shown in
the following picture.
In our example we use the FortiGuard NTP servers
for time synchronization, but you can use
your preferred ones. The time zone can also
be modified as per your needs.
The FortiGate unit could also be configured to
be an NTP server. During the NTP server
configuration, you can select one or more
interfaces on which listen to NTP client
FortiGuard services configuration is very
simple: you must subscribe to them and
register your FortiGate unit. The FortiGate
firewall will connect to the FortiGuard
services automatically, but your
intervention is needed in order to verify
that all subscribed services are reachable
and that the associated license has not expired.
As you can see from the License
Information dashboard widget (on the
right), active services are marked with a
green check, expired ones are marked
with a red cross and unreachable ones are
marked with a gray cross.
FORTIGUARD SERVICES TROUBLESHOOT
Sometimes your FortiGate firewall may not be able to connect to the
FortiGuard services on the Internet. This situation was shown in the previous
slide, where a service is marked with a gray cross.
Because FortiGuard services require an Internet connection, you must verify that they
are reachable: connect to the firewall CLI and execute a ping test and/or a traceroute
with the following commands.
execute ping www.fortiguard.com
execute traceroute www.fortiguard.com
Sometimes a policy or a web filtering rule blocks the FortiGuard services, so
verify that no such configuration is in place.
FORTIGUARD SERVICES TROUBLESHOOT CONTINUED
You can also view the FortiGuard
connection status by going to System >
Config > FortiGuard.
At the end of this menu, you can also
change the L4 port used by the
FortiGuard services. This configuration
is very important because sometimes
the default port (port 53) is blocked by
your ISP or inside your network (it's the
same port used by DNS!).
The other port available for
the FortiGuard services is port 8888.
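The same port change and a follow-up check from the CLI, as an added example that is not part of the original slides. The command syntax assumes a FortiOS release of the same generation as the GUI shown here; check it against the CLI reference for your version.

```text
# Show the current FortiGuard settings, including the port in use
get system fortiguard

# Switch from the default port 53 to the alternate port 8888
config system fortiguard
    set port 8888
end

# Re-test: request an update, then list the FortiGuard servers
# the unit can currently reach
execute update-now
diagnose debug rating
```

If the server list is still empty after the change, the block is more likely a local policy or an upstream filter than the port choice itself.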
See hints on www.ipmax.it
IPMAX is a Fortinet Partner in Italy.