Fortinet FortiGate Series Administration Manual page 332

Enabling push updates
To configure FortiGuard options on the FortiGate unit on the internal network
1 Go to System > Maintenance > FortiGuard.
2 Select the expand arrow beside AntiVirus and IPS Options to reveal the available
options.
3 Select the Allow Push Update check box.
4 Select the Use override push IP check box.
5 Enter the IP address of the external interface of the NAT device.
UDP port 9943 is changed only if it is blocked or in use.
6 Select Apply.
You can change the push override configuration if the external IP address of the
external service port changes; select Apply to have the FortiGate unit send the updated
push information to the FDN.
When the FortiGate unit sends the override push IP address and port to the FDN, the FDN
uses this IP address and port for push updates to the FortiGate unit. However, push
updates will not actually work until a virtual IP is added to the NAT device so that the NAT
device accepts push update packets and forwards them to the FortiGate unit on the
internal network.
If the NAT device is also a FortiGate unit, the following procedure, To add a port
forwarding virtual IP to the FortiGate NAT device, allows you to configure the NAT device
to use port forwarding to push update connections from the FDN to the FortiGate unit on
the internal network.
To add a port forwarding virtual IP to the FortiGate NAT device
1 Go to Firewall > Virtual IP.
2 Select Create New.
3 Enter the appropriate information for the following:
   Name: Enter a name for the Virtual IP.
   External Interface: Select an external interface from the list. This is the interface
   that connects to the Internet.
   External IP Address/Range: Enter the IP address and/or range. This is the IP address to
   which the FDN sends the push updates. This is usually the IP address of the external
   interface of the NAT device. This IP address must be the same as the IP address in
   User override push update for the FortiGate unit on the internal network.
   Mapped IP Address/Range: Enter the IP address and/or range of the FortiGate unit on the
   internal network.
   Port Forwarding: Select Port Forwarding. When you select Port Forwarding, the options
   Protocol, External Services Port and Map to Port appear.
   Protocol: Select UDP.
   External Service Port: Enter the external service port. The external service port is
   the port that the FDN connects to. The external service port for push updates is
   usually 9443. If you changed the push update port in the FortiGuard configuration of
   the FortiGate unit on the internal network, you must set the external service port to
   the changed push update port.
   Map to Port: Enter 9443. This is the port number to which the NAT FortiGate unit will
   send the push update after it comes through the virtual IP. FortiGate units expect
   push update notifications on port 9443.
4 Select OK.
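The two procedures above only work together when their values agree. The following Python check is an added example, not part of the Fortinet guide: the function name, the dictionary keys, the interface name and the sample addresses are assumptions made for the illustration, and External IP is treated as a single address rather than a range.

```python
import ipaddress

PUSH_PORT = 9443  # FortiGate units expect push update notifications on this port


def check_push_update_nat(internal, vip):
    """Compare the internal unit's FortiGuard push settings with the port
    forwarding virtual IP on the NAT device; return a list of mismatches."""
    problems = []
    if not internal["allow_push_update"]:
        problems.append("Allow Push Update is not selected")
    if not internal["use_override_push_ip"]:
        problems.append("Use override push IP is not selected")
    try:
        override_ip = ipaddress.ip_address(internal["override_push_ip"])
        unit_ip = ipaddress.ip_address(internal["unit_ip"])
        external_ip = ipaddress.ip_address(vip["external_ip"])
        mapped_ip = ipaddress.ip_address(vip["mapped_ip"])
    except ValueError as exc:
        return problems + [f"invalid IP address: {exc}"]
    if override_ip != external_ip:
        problems.append(f"External IP {external_ip} differs from override push IP {override_ip}")
    if mapped_ip != unit_ip:
        problems.append(f"Mapped IP {mapped_ip} is not the internal unit {unit_ip}")
    if not vip["port_forwarding"]:
        problems.append("Port Forwarding is not selected")
    if vip["protocol"].upper() != "UDP":
        problems.append(f"Protocol is {vip['protocol']}, expected UDP")
    if vip["external_service_port"] != internal["push_port"]:
        problems.append(
            f"External Service Port {vip['external_service_port']} differs from "
            f"push update port {internal['push_port']}")
    if vip["map_to_port"] != PUSH_PORT:
        problems.append(f"Map to Port is {vip['map_to_port']}, expected {PUSH_PORT}")
    return problems


# Constructed sample values (documentation and private address ranges).
INTERNAL_UNIT = {"allow_push_update": True, "use_override_push_ip": True,
                 "override_push_ip": "203.0.113.10", "push_port": 9443,
                 "unit_ip": "192.168.1.99"}
NAT_VIP = {"name": "fdn-push", "external_interface": "wan1",
           "external_ip": "203.0.113.10", "mapped_ip": "192.168.1.99",
           "port_forwarding": True, "protocol": "UDP",
           "external_service_port": 9443, "map_to_port": 9443}

if __name__ == "__main__":
    for line in check_push_update_nat(INTERNAL_UNIT, NAT_VIP) or ["settings are consistent"]:
        print(line)
```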
FortiGate Version 4.0 MR1 Administration Guide
System Maintenance
01-410-89802-20090903
http://docs.fortinet.com/