Fortinet FortiGate 4000 Switch User Manual


 
128 Fortinet Inc.
Enabling push updates Virus and attack definitions updates and registration
Enabling scheduled updates through a proxy server
If your FortiGate unit must connect to the Internet through a proxy server, you can use
the set system autoupdate tunneling command to allow the FortiGate unit to
connect (or tunnel) to the FDN using the proxy server. Using this command you can
specify the IP address and port of the proxy server. As well, if the proxy server
requires authentication, you can add the user name and password required for the
proxy server to the autoupdate configuration. The full syntax for enabling updates
through a proxy server is:
set system autoupdate tunneling enable [address
<proxy-address_ip> [port <proxy-port> [username <username_str>
[password <password_str>]]]]
For example, if the IP address of the proxy server is 64.23.6.89 and its port is 8080,
enter the following command:
set system autouopdate tunneling enable address 64.23.6.89
port 8080
For more information about the set system autoupdate command, see Volume 6,
FortiGate CLI Reference Guide.
The FortiGate unit connects to the proxy server using the HTTP CONNECT method,
as described in RFC 2616. The FortiGate unit sends an HTTP CONNECT request to
the proxy server (optionally with authentication information) specifying the IP address
and port required to connect to the FDN. The proxy server establishes the connection
to the FDN and passes information between the FortiGate unit and the FDN.
The CONNECT method is used mostly for tunneling SSL traffic. Some proxy servers
do not allow the CONNECT to connect to any port; they restrict the allowed ports to
the well known ports for HTTPS and perhaps some other similar services. Because
FortiGate autoupdates use HTTPS on port 8890 to connect to the FDN, your proxy
server might have to be configured to allow connections on this port.
There are no special tunneling requirements if you have configured an override server
address to connect to the FDN.
Enabling push updates
The FDN can push updates to FortiGate units to provide the fastest possible response
to critical situations. You must register the FortiGate unit before it can receive push
updates. See “Registering the FortiGate unit” on page 134.
When you configure a FortiGate unit to allow push updates, the FortiGate unit sends a
SETUP message to the FDN. The next time a new antivirus engine, new antivirus
definitions, or new attack definitions are released, the FDN notifies all FortiGate units
that are configured for push updates that a new update is available. Within 60
seconds of receiving a push notification, the FortiGate unit requests an update from
the FDN.
Note: Push updates are not supported if the FortiGate unit must use a proxy server to connect
to the FDN. For more information, see “Enabling scheduled updates through a proxy server” on
page 128.