FortiGate Firewall HOW-TO - Online Services


Page 1: FortiGate Firewall HOW-TO - Online Services

FORTIGATE FIREWALL HOW TO ONLINE SERVICES

www.ipmax.it

Page 2: FortiGate Firewall HOW-TO - Online Services

INTRODUCTION

Now our firewall is connected to the Internet, so we can use this setup to set the system time and verify the subscription to the FortiGuard services. FortiGuard services keep the firewall up to date on its virus, spyware and vulnerability signatures. Web filtering lists are also updated through FortiGuard services.

It's important that you have a valid subscription to the FortiGuard services in order to get the above-mentioned updates.

Page 3: FortiGate Firewall HOW-TO - Online Services

NTP

To configure system time by NTP, go to the System > Status dashboard and click on "Change" in the System Time row. Configure the firewall to be an NTP client as shown in the following picture.

In our example we use FortiGuard NTP servers for time synchronization, but you could use your preferred ones. The time zone can also be modified as per your needs.

The FortiGate unit can also be configured to be an NTP server. During the NTP server configuration, you can select one or more interfaces on which it listens for NTP client association requests.

Page 4: FortiGate Firewall HOW-TO - Online Services

FORTIGUARD SERVICES

FortiGuard services configuration is very simple: you must subscribe to them and register your FortiGate unit. The FortiGate firewall will connect to the FortiGuard services automatically, but your intervention is needed to verify that all subscribed services are reachable and that the associated license has not expired.

As you can see from the License Information dashboard widget (on the right), active services are marked with a green check, expired ones with a red cross and unreachable ones with a gray cross.

Page 5: FortiGate Firewall HOW-TO - Online Services

FORTIGUARD SERVICES TROUBLESHOOT

Sometimes your FortiGate firewall may not be able to connect to the FortiGuard services on the Internet. This situation was shown in the previous slide, where a service is marked with a gray cross.

Because FortiGuard services require an Internet connection, you must verify that they are reachable: connect to the firewall CLI and execute a ping test and/or a traceroute with the following commands.

execute ping www.fortiguard.com
execute traceroute www.fortiguard.com

Sometimes a policy or a web filtering rule blocks FortiGuard services, so verify that no such configuration is in place.

Page 6: FortiGate Firewall HOW-TO - Online Services

FORTIGUARD SERVICES TROUBLESHOOT - CONTINUED

You can also view the FortiGuard connection status by going to System > Config > FortiGuard.

At the end of this menu, you can also change the L4 port used by the FortiGuard services. This configuration is very important because sometimes the default port (port 53) is blocked by your ISP or inside your network (it's the same port used by DNS!).

The other available port for the FortiGuard services is port 8888.
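The checks from the two troubleshooting slides, written as one CLI session. This is an added example, not part of the original slides; it assumes the FortiOS CLI commands `get system fortiguard`, `config system fortiguard` with `set port`, `execute update-now` and `diagnose debug rating`, whose availability and output depend on the FortiOS release. Lines starting with `#` are annotations, not commands to type.

```text
# 1. Check name resolution and the network path to FortiGuard
execute ping www.fortiguard.com
execute traceroute www.fortiguard.com

# 2. Display the current FortiGuard settings, including the port in use
get system fortiguard

# 3. Move FortiGuard traffic off the default port 53 when it is blocked
config system fortiguard
    set port 8888
end

# 4. Request a fresh update, then list the FortiGuard servers the unit can reach
execute update-now
diagnose debug rating
```

Once the unit reaches FortiGuard again, the affected services in the License Information widget change from a gray cross to a green check. Any filter between the firewall and the Internet must also allow port 8888 outbound.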

Page 7: FortiGate Firewall HOW-TO - Online Services

MORE NEEDS?

See hints on www.ipmax.it
Or email us your questions to [email protected]

Page 8: FortiGate Firewall HOW-TO - Online Services

IPMAX

IPMAX is a Fortinet Partner in Italy. IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX guarantees method and professionalism to support its customers in selecting technologies with the best quality/price ratio, in the design, installation, commissioning and operation.

IPMAX srl
Via Ponchielli, 4
20063 Cernusco sul Naviglio (MI) – Italy
+39 02 9290 9171