Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

Download PDF
Copy Link

Update settings

The <update></update> XML tags contain update-related information. Use this field to specify how FortiClient performs updates from FDN servers.

<forticlient_configuration>

<system>

<update>

<use_custom_server>0</use_custom_server>

<restrict_services_to_regions/>

<server></server>

<port>80</port>

<fail_over_servers>server1.fortinet.com:8008;172.81.30.6:80;server2.fortinet.com:80</fail_over_servers>

<timeout>60</timeout>

<failoverport>8000</failoverport>

<fail_over_to_fdn>1</fail_over_to_fdn>

<use_proxy_when_fail_over_to_fdn>1</use_proxy_when_fail_over_to_fdn>

<auto_patch>1</auto_patch>

<update_action>notify_only</update_action>

<scheduled_update>

<enabled>1</enabled>

<type>interval</type>

<daily_at>03:00</daily_at>

<update_interval_in_hours>3</update_interval_in_hours>

</scheduled_update>

<submit_virus_info_to_fds>0</submit_virus_info_to_fds>

<submit_vuln_info_to_fds>1<submit_vuln_info_to_fds>

</update>

</system>

</forticlient_configuration>

The following table provides the XML tags for update settings, as well as the descriptions and default values where applicable.

XML tag

Description

Default value

<use_custom_server>

Define a custom server for updates. When the Boolean value is set to 0, FortiClient uses the default FDN server address. When the Boolean value is set to 1, you must specify the address in <update><server>. This setting is typically used when specifying a FortiManager as your update server.

Boolean value: [0 | 1]

0

<restrict_services_to_regions>

Define whether to restrict the FDN server location to U.S.-only, or to use the nearest FDN server.

To restrict to U.S.-only FDN server locations, set to USA, as follows: <restrict_services_to_regions>USA</restrict_services_to_regions>.

Otherwise, leave blank. This is the default configuration.

 

<server>

Enter the update server's IP address or FQDN. Use when <use_custom_server> is set to 1.

Optionally, you can specify the port number. You can specify multiple addresses using a semicolon delimited list.

For example, 10.10.10.1:80;10.10.10.2:8080;172.16.10.80;www.myfortimanager.net. In this example, FortiClient tries each server specified in order until one works or they all fail.

<port>

Enter the update server's port number. If a port number is not specified in <update><server>, FortiClient uses this port.

Port range: 1 to 65535

80

<fail_over_servers>

Enter the update servers to try if FortiClient cannot reach the primary server. Separate multiple servers with a semicolon. IP address or FQDN, followed by a colon and the port number if applicable.

<timeout>

Enter the connection timeout, in seconds, when attempting to reach a custom update server. If a server is reachable but not responding to update requests, the actual timeout is longer.

The timeout specified is applied three times to one <server>:<port> pair before FortiClient gives up on this pair. If <failoverport> is specified, and greater than 0, there are a total of six attempts (three attempts for <server>:<port>, three attempts for <server>:<failoverport>).

60

<failoverport>

Failover port number. If FortiClient cannot reach the update server via the port specified in <server> or <port>, FortiClient tries the same address with this port.

Port range: 1 to 65535

8000

<fail_over_to_fdn>

Determines whether or not to use FDN servers if communication with custom <server> fails. If the Boolean value is set to 1, <use_custom_server> is set to 1, and the update server specified by <server> cannot be reached, then FortiClient tries the default public FDN server. This is tried only if FortiClient has exhausted all other custom update server options.

Boolean value: [0 | 1]

1

<use_proxy_when_fail_over_to_fdn>

Supports failover to FDN servers if FortiClient uses a proxy server defined with <forticlient_configuration><system><proxy> and <fail_over_to_fndn> is set to 1. Set <use_proxy_when_fail_over_to_fdn> to 1 to fail over to FDN servers. This element is ignored when no proxy server is defined with <forticlient_configuration><system><proxy>.

Boolean value: [0 | 1]

1

<auto_patch>

Determines whether to automatically check for software updates. This setting is used with <update_action>. If enabled, FortiClient automatically checks for updates and takes the action specified by <update_action>.

Boolean value: [0 | 1]

0

<update_action>

This setting applies to software updates only. FortiClient (macOS) supports only the notify_only and disable options. Enter one of the following:

  • download_and_install: Automatically downloads and installs software updates with no user intervention. The computer reboots automatically if needed.
  • download_only: Automatically downloads software updates, but does not install them. The user can install the software update by following the message prompt.
  • notify_only: Displays a message when a software update becomes available. The user triggers the update by following the message prompt.
  • disable: Disables online software updates. You can only achieve software updates by manually downloading and installing newer installation packages.
notify_only

<submit_virus_info_to_fds>

Enable submitting virus information to FDN.

Boolean value: [0 | 1]

1

<submit_vuln_info_to_fds>

Enable submitting vulnerability statistics to FDN. When set to 1, send vulnerability detection statistics from the vulnerability scanner to FDN. When set to 0, do not send vulnerability statistics to FDN.

Boolean value: [0 | 1]

1

<scheduled_update> elements

Use these elements to define when FortiClient should look for engine, signature, and software updates, if enabled.

<enabled>

Enable scheduled updates.

Boolean value: [0 | 1]

1

<type>

Update frequency: daily or at regular hourly intervals. Enter one of the following:

  • daily
  • interval
interval

<daily_at>

Time of the day, in the format HH:MM (24-hour clock), this field is mandatory if the <type> tag is set to daily. This field specifies the time that FortiClient should check for updates.

<update_interval_in_hours>

Update interval in hours if the <type> tag is set to interval. This field specifies the frequency that FortiClient should check for updates. The minimum value is 1, the maximum value is 24.

3

When <use_custom_server> is 0 or both <server> and <fail_over_servers> are each an empty (null) string, FortiClient only uses the default FDN server for software updates. If a string is specified in <server> and communication fails with that server, each of the servers specified in <fail_over_servers> are tried until one succeeds. If that also fails, then software updates are not possible unless <fail_over_to_fdn> is set to 1.

If communication fails with the server(s) specified in both <server> and <fail_over_servers>, <fail_over_to_fdn> determines the next course of action as listed below:

<server>

<fail_over_to_fdn>

Result

“” (empty strings)

0

FortiClient only uses the FDN server.

“” (empty strings)

1

FortiClient only uses the FDN server.

“xyz” (valid IP address)

0

FortiClient never uses the FDN server.

“xyz” (valid IP address)

1

FortiClient only uses the FDN server as failover.

Update settings

The <update></update> XML tags contain update-related information. Use this field to specify how FortiClient performs updates from FDN servers.

<forticlient_configuration>

<system>

<update>

<use_custom_server>0</use_custom_server>

<restrict_services_to_regions/>

<server></server>

<port>80</port>

<fail_over_servers>server1.fortinet.com:8008;172.81.30.6:80;server2.fortinet.com:80</fail_over_servers>

<timeout>60</timeout>

<failoverport>8000</failoverport>

<fail_over_to_fdn>1</fail_over_to_fdn>

<use_proxy_when_fail_over_to_fdn>1</use_proxy_when_fail_over_to_fdn>

<auto_patch>1</auto_patch>

<update_action>notify_only</update_action>

<scheduled_update>

<enabled>1</enabled>

<type>interval</type>

<daily_at>03:00</daily_at>

<update_interval_in_hours>3</update_interval_in_hours>

</scheduled_update>

<submit_virus_info_to_fds>0</submit_virus_info_to_fds>

<submit_vuln_info_to_fds>1<submit_vuln_info_to_fds>

</update>

</system>

</forticlient_configuration>

The following table provides the XML tags for update settings, as well as the descriptions and default values where applicable.

XML tag

Description

Default value

<use_custom_server>

Define a custom server for updates. When the Boolean value is set to 0, FortiClient uses the default FDN server address. When the Boolean value is set to 1, you must specify the address in <update><server>. This setting is typically used when specifying a FortiManager as your update server.

Boolean value: [0 | 1]

0

<restrict_services_to_regions>

Define whether to restrict the FDN server location to U.S.-only, or to use the nearest FDN server.

To restrict to U.S.-only FDN server locations, set to USA, as follows: <restrict_services_to_regions>USA</restrict_services_to_regions>.

Otherwise, leave blank. This is the default configuration.

 

<server>

Enter the update server's IP address or FQDN. Use when <use_custom_server> is set to 1.

Optionally, you can specify the port number. You can specify multiple addresses using a semicolon delimited list.

For example, 10.10.10.1:80;10.10.10.2:8080;172.16.10.80;www.myfortimanager.net. In this example, FortiClient tries each server specified in order until one works or they all fail.

<port>

Enter the update server's port number. If a port number is not specified in <update><server>, FortiClient uses this port.

Port range: 1 to 65535

80

<fail_over_servers>

Enter the update servers to try if FortiClient cannot reach the primary server. Separate multiple servers with a semicolon. IP address or FQDN, followed by a colon and the port number if applicable.

<timeout>

Enter the connection timeout, in seconds, when attempting to reach a custom update server. If a server is reachable but not responding to update requests, the actual timeout is longer.

The timeout specified is applied three times to one <server>:<port> pair before FortiClient gives up on this pair. If <failoverport> is specified, and greater than 0, there are a total of six attempts (three attempts for <server>:<port>, three attempts for <server>:<failoverport>).

60

<failoverport>

Failover port number. If FortiClient cannot reach the update server via the port specified in <server> or <port>, FortiClient tries the same address with this port.

Port range: 1 to 65535

8000

<fail_over_to_fdn>

Determines whether or not to use FDN servers if communication with custom <server> fails. If the Boolean value is set to 1, <use_custom_server> is set to 1, and the update server specified by <server> cannot be reached, then FortiClient tries the default public FDN server. This is tried only if FortiClient has exhausted all other custom update server options.

Boolean value: [0 | 1]

1

<use_proxy_when_fail_over_to_fdn>

Supports failover to FDN servers if FortiClient uses a proxy server defined with <forticlient_configuration><system><proxy> and <fail_over_to_fndn> is set to 1. Set <use_proxy_when_fail_over_to_fdn> to 1 to fail over to FDN servers. This element is ignored when no proxy server is defined with <forticlient_configuration><system><proxy>.

Boolean value: [0 | 1]

1

<auto_patch>

Determines whether to automatically check for software updates. This setting is used with <update_action>. If enabled, FortiClient automatically checks for updates and takes the action specified by <update_action>.

Boolean value: [0 | 1]

0

<update_action>

This setting applies to software updates only. FortiClient (macOS) supports only the notify_only and disable options. Enter one of the following:

  • download_and_install: Automatically downloads and installs software updates with no user intervention. The computer reboots automatically if needed.
  • download_only: Automatically downloads software updates, but does not install them. The user can install the software update by following the message prompt.
  • notify_only: Displays a message when a software update becomes available. The user triggers the update by following the message prompt.
  • disable: Disables online software updates. You can only achieve software updates by manually downloading and installing newer installation packages.
notify_only

<submit_virus_info_to_fds>

Enable submitting virus information to FDN.

Boolean value: [0 | 1]

1

<submit_vuln_info_to_fds>

Enable submitting vulnerability statistics to FDN. When set to 1, send vulnerability detection statistics from the vulnerability scanner to FDN. When set to 0, do not send vulnerability statistics to FDN.

Boolean value: [0 | 1]

1

<scheduled_update> elements

Use these elements to define when FortiClient should look for engine, signature, and software updates, if enabled.

<enabled>

Enable scheduled updates.

Boolean value: [0 | 1]

1

<type>

Update frequency: daily or at regular hourly intervals. Enter one of the following:

  • daily
  • interval
interval

<daily_at>

Time of the day, in the format HH:MM (24-hour clock), this field is mandatory if the <type> tag is set to daily. This field specifies the time that FortiClient should check for updates.

<update_interval_in_hours>

Update interval in hours if the <type> tag is set to interval. This field specifies the frequency that FortiClient should check for updates. The minimum value is 1, the maximum value is 24.

3

When <use_custom_server> is 0 or both <server> and <fail_over_servers> are each an empty (null) string, FortiClient only uses the default FDN server for software updates. If a string is specified in <server> and communication fails with that server, each of the servers specified in <fail_over_servers> are tried until one succeeds. If that also fails, then software updates are not possible unless <fail_over_to_fdn> is set to 1.

If communication fails with the server(s) specified in both <server> and <fail_over_servers>, <fail_over_to_fdn> determines the next course of action as listed below:

<server>

<fail_over_to_fdn>

Result

“” (empty strings)

0

FortiClient only uses the FDN server.

“” (empty strings)

1

FortiClient only uses the FDN server.

“xyz” (valid IP address)

0

FortiClient never uses the FDN server.

“xyz” (valid IP address)

1

FortiClient only uses the FDN server as failover.