Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

Download PDF
Copy Link

Update settings

Update-related information is contained inside the <update></update> XML tags. Use this field to specify how FortiClient performs updates from FDN servers.

<forticlient_configuration>

<system>

<update>

<use_custom_server>0</use_custom_server>

<restrict_services_to_regions/>

<server></server>

<port>80</port>

<fail_over_servers>server1.fortinet.com:8008;172.81.30.6:80;server2.fortinet.com:80</fail_over_servers>

<timeout>60</timeout>

<failoverport>8000</failoverport>

<fail_over_to_fdn>1</fail_over_to_fdn>

<use_proxy_when_fail_over_to_fdn>1</use_proxy_when_fail_over_to_fdn>

<auto_patch>1</auto_patch>

<update_action>notify_only</update_action>

<scheduled_update>

<enabled>1</enabled>

<type>interval</type>

<daily_at>03:00</daily_at>

<update_interval_in_hours>3</update_interval_in_hours>

</scheduled_update>

<submit_virus_info_to_fds>0</submit_virus_info_to_fds>

<submit_vuln_info_to_fds>1<submit_vuln_info_to_fds>

</update>

</system>

</forticlient_configuration>

The following table provides the XML tags for update settings, as well as the descriptions and default values where applicable.

XML tag

Description

Default value

<use_custom_server>

Define a custom server for updates. When the Boolean value is set to 0, FortiClient uses the default FDN server address. When the Boolean value is set to 1, you must specify the address in <update><server>. This setting is typically used when specifying a FortiManager as your update server.

Boolean value: [0 | 1]

0

<restrict_services_to_regions>

Define whether to restrict the FDN server location to U.S.-only, or to use the nearest FDN server.

To restrict to U.S.-only FDN server locations, set to USA, as follows: <restrict_services_to_regions>USA</restrict_services_to_regions>.

Otherwise, leave blank. This is the default configuration.

 

<server>

Enter the update server's IP address or FQDN. Use when <use_custom_server> is set to 1.

Optionally, you can specify the port number. You can specify multiple addresses using a semicolon delimited list.

For example, 10.10.10.1:80;10.10.10.2:8080;172.16.10.80;www.myfortimanager.net. In this example, FortiClient tries each server specified in order until one works or they all fail.

<port>

Enter the update server's port number. If a port number is not specified in <update><server>, this port is used.

Port range: 1 to 65535

80

<fail_over_servers>

Enter the update servers to try if FortiClient cannot reach the primary server. Separate multiple servers with a semicolon. IP address or FQDN, followed by a colon and the port number if applicable.

<timeout>

Enter the connection timeout, in seconds, when attempting to reach a custom update server. If a server is reachable but not responding to update requests, the actual timeout is longer.

The timeout specified is applied three times to one <server>:<port> pair before FortiClient gives up on this pair. If <failoverport> is specified, and greater than 0, there are a total of six attempts (three attempts for <server>:<port>, three attempts for <server>:<failoverport>).

60

<failoverport>

Failover port number. If FortiClient cannot reach the update server via the port specified in <server> or <port>, FortiClient tries the same address with this port.

Port range: 1 to 65535

8000

<fail_over_to_fdn>

Determines whether or not to use FDN servers if communication with custom <server> fails. If the Boolean value is set to 1, <use_custom_server> is set to 1, and the update server specified by <server> cannot be reached, then FortiClient tries the default public FDN server. This is tried only if FortiClient has exhausted all other custom update server options.

Boolean value: [0 | 1]

1

<use_proxy_when_fail_over_to_fdn>

Supports failover to FDN servers if FortiClient uses a proxy server defined with <forticlient_configuration><system><proxy> and <fail_over_to_fndn> is set to 1. Set <use_proxy_when_fail_over_to_fdn> to 1 to fail over to FDN servers. This element is ignored when no proxy server is defined with <forticlient_configuration><system><proxy>.

Boolean value: [0 | 1]

1

<auto_patch>

Determines whether to automatically check for software updates. This setting is used with <update_action>. If enabled, FortiClient automatically checks for updates and takes the action specified by <update_action>.

Boolean value: [0 | 1]

0

<update_action>

This setting applies to software updates only. FortiClient (macOS) supports only the notify_only and disable options. Enter one of the following:

  • download_and_install: Automatically downloads and installs software updates with no user intervention. The computer reboots automatically if needed.
  • download_only: Automatically downloads software updates, but does not install them. The user can install the software update by following the message prompt.
  • notify_only: Displays a message when a software update becomes available. The user triggers the update by following the message prompt.
  • disable: Disables online software updates. You can only achieve software updates by manually downloading and installing newer installation packages.
notify_only

<submit_virus_info_to_fds>

Enable or disable submission of virus information to FDN.

Boolean value: [0 | 1]

1

<submit_vuln_info_to_fds>

Enable or disable submission of vulnerability statistics to FDN. When set to 1, send vulnerability detection statistics from the vulnerability scanner to FDN. When set to 0, do not send vulnerability statistics to FDN.

Boolean value: [0 | 1]

1

<scheduled_update> elements

Use these elements to define when FortiClient should look for engine, signature, and software updates, if enabled.

<enabled>

Enable or disable scheduled updates. When the Boolean value is set to 1, scheduled update is enabled. When set to 0, scheduled update is disabled.

Boolean value: [0 | 1]

1

<type>

Update frequency: daily or at regular hourly intervals. Enter one of the following:

  • daily
  • interval
interval

<daily_at>

Time of the day, in the format HH:MM (24-hour clock), this field is mandatory if the <type> tag is set to daily. This field specifies the time that FortiClient should check for updates.

<update_interval_in_hours>

Update interval in hours if the <type> tag is set to interval. This field specifies the frequency that FortiClient should check for updates. The minimum value is 1, the maximum value is 24.

3

When <use_custom_server> is 0 or both <server> and <fail_over_servers> are each an empty (null) string, FortiClient only uses the default FDN server for software updates. If a string is specified in <server> and communication fails with that server, each of the servers specified in <fail_over_servers> are tried until one succeeds. If that also fails, then software updates are not possible unless <fail_over_to_fdn> is set to 1.

If communication fails with the server(s) specified in both <server> and <fail_over_servers>, <fail_over_to_fdn> determines the next course of action as listed below:

<server>

<fail_over_to_fdn>

Result

“” (empty strings)

0

Only FDN server is used.

“” (empty strings)

1

Only FDN server is used.

“xyz” (valid IP address)

0

FDN server is never used.

“xyz” (valid IP address)

1

FDN server is used only as failover.

Update settings

Update-related information is contained inside the <update></update> XML tags. Use this field to specify how FortiClient performs updates from FDN servers.

<forticlient_configuration>

<system>

<update>

<use_custom_server>0</use_custom_server>

<restrict_services_to_regions/>

<server></server>

<port>80</port>

<fail_over_servers>server1.fortinet.com:8008;172.81.30.6:80;server2.fortinet.com:80</fail_over_servers>

<timeout>60</timeout>

<failoverport>8000</failoverport>

<fail_over_to_fdn>1</fail_over_to_fdn>

<use_proxy_when_fail_over_to_fdn>1</use_proxy_when_fail_over_to_fdn>

<auto_patch>1</auto_patch>

<update_action>notify_only</update_action>

<scheduled_update>

<enabled>1</enabled>

<type>interval</type>

<daily_at>03:00</daily_at>

<update_interval_in_hours>3</update_interval_in_hours>

</scheduled_update>

<submit_virus_info_to_fds>0</submit_virus_info_to_fds>

<submit_vuln_info_to_fds>1<submit_vuln_info_to_fds>

</update>

</system>

</forticlient_configuration>

The following table provides the XML tags for update settings, as well as the descriptions and default values where applicable.

XML tag

Description

Default value

<use_custom_server>

Define a custom server for updates. When the Boolean value is set to 0, FortiClient uses the default FDN server address. When the Boolean value is set to 1, you must specify the address in <update><server>. This setting is typically used when specifying a FortiManager as your update server.

Boolean value: [0 | 1]

0

<restrict_services_to_regions>

Define whether to restrict the FDN server location to U.S.-only, or to use the nearest FDN server.

To restrict to U.S.-only FDN server locations, set to USA, as follows: <restrict_services_to_regions>USA</restrict_services_to_regions>.

Otherwise, leave blank. This is the default configuration.

 

<server>

Enter the update server's IP address or FQDN. Use when <use_custom_server> is set to 1.

Optionally, you can specify the port number. You can specify multiple addresses using a semicolon delimited list.

For example, 10.10.10.1:80;10.10.10.2:8080;172.16.10.80;www.myfortimanager.net. In this example, FortiClient tries each server specified in order until one works or they all fail.

<port>

Enter the update server's port number. If a port number is not specified in <update><server>, this port is used.

Port range: 1 to 65535

80

<fail_over_servers>

Enter the update servers to try if FortiClient cannot reach the primary server. Separate multiple servers with a semicolon. IP address or FQDN, followed by a colon and the port number if applicable.

<timeout>

Enter the connection timeout, in seconds, when attempting to reach a custom update server. If a server is reachable but not responding to update requests, the actual timeout is longer.

The timeout specified is applied three times to one <server>:<port> pair before FortiClient gives up on this pair. If <failoverport> is specified, and greater than 0, there are a total of six attempts (three attempts for <server>:<port>, three attempts for <server>:<failoverport>).

60

<failoverport>

Failover port number. If FortiClient cannot reach the update server via the port specified in <server> or <port>, FortiClient tries the same address with this port.

Port range: 1 to 65535

8000

<fail_over_to_fdn>

Determines whether or not to use FDN servers if communication with custom <server> fails. If the Boolean value is set to 1, <use_custom_server> is set to 1, and the update server specified by <server> cannot be reached, then FortiClient tries the default public FDN server. This is tried only if FortiClient has exhausted all other custom update server options.

Boolean value: [0 | 1]

1

<use_proxy_when_fail_over_to_fdn>

Supports failover to FDN servers if FortiClient uses a proxy server defined with <forticlient_configuration><system><proxy> and <fail_over_to_fndn> is set to 1. Set <use_proxy_when_fail_over_to_fdn> to 1 to fail over to FDN servers. This element is ignored when no proxy server is defined with <forticlient_configuration><system><proxy>.

Boolean value: [0 | 1]

1

<auto_patch>

Determines whether to automatically check for software updates. This setting is used with <update_action>. If enabled, FortiClient automatically checks for updates and takes the action specified by <update_action>.

Boolean value: [0 | 1]

0

<update_action>

This setting applies to software updates only. FortiClient (macOS) supports only the notify_only and disable options. Enter one of the following:

  • download_and_install: Automatically downloads and installs software updates with no user intervention. The computer reboots automatically if needed.
  • download_only: Automatically downloads software updates, but does not install them. The user can install the software update by following the message prompt.
  • notify_only: Displays a message when a software update becomes available. The user triggers the update by following the message prompt.
  • disable: Disables online software updates. You can only achieve software updates by manually downloading and installing newer installation packages.
notify_only

<submit_virus_info_to_fds>

Enable or disable submission of virus information to FDN.

Boolean value: [0 | 1]

1

<submit_vuln_info_to_fds>

Enable or disable submission of vulnerability statistics to FDN. When set to 1, send vulnerability detection statistics from the vulnerability scanner to FDN. When set to 0, do not send vulnerability statistics to FDN.

Boolean value: [0 | 1]

1

<scheduled_update> elements

Use these elements to define when FortiClient should look for engine, signature, and software updates, if enabled.

<enabled>

Enable or disable scheduled updates. When the Boolean value is set to 1, scheduled update is enabled. When set to 0, scheduled update is disabled.

Boolean value: [0 | 1]

1

<type>

Update frequency: daily or at regular hourly intervals. Enter one of the following:

  • daily
  • interval
interval

<daily_at>

Time of the day, in the format HH:MM (24-hour clock), this field is mandatory if the <type> tag is set to daily. This field specifies the time that FortiClient should check for updates.

<update_interval_in_hours>

Update interval in hours if the <type> tag is set to interval. This field specifies the frequency that FortiClient should check for updates. The minimum value is 1, the maximum value is 24.

3

When <use_custom_server> is 0 or both <server> and <fail_over_servers> are each an empty (null) string, FortiClient only uses the default FDN server for software updates. If a string is specified in <server> and communication fails with that server, each of the servers specified in <fail_over_servers> are tried until one succeeds. If that also fails, then software updates are not possible unless <fail_over_to_fdn> is set to 1.

If communication fails with the server(s) specified in both <server> and <fail_over_servers>, <fail_over_to_fdn> determines the next course of action as listed below:

<server>

<fail_over_to_fdn>

Result

“” (empty strings)

0

Only FDN server is used.

“” (empty strings)

1

Only FDN server is used.

“xyz” (valid IP address)

0

FDN server is never used.

“xyz” (valid IP address)

1

FDN server is used only as failover.