Fortinet white logo
Fortinet white logo

Cookbook

Automatic updates

Automatic updates

The FortiGate can be configured to request updates from FDN on a schedule, or via push notification.

Scheduled updates

Scheduling updates ensures that the virus and IPS definitions are downloaded to your FortiGate on a regular basis.

Updating definitions can cause a brief disruption in traffic that is currently being scanned while the FortiGate unit applies the new signature database. Updates should be scheduled during off-peak hours when network usage is at a minimum to ensure that network activity will not be affected by downloading the definitions files.

Note

A schedule of once a week means any urgent updates will not be pushed until the scheduled time. If an urgent update is required, click the Update AV & IPS Definitions button to manually update the definitions.

To configure scheduled updates in the GUI:
  1. Go to System > FortiGuard
  2. Scroll down to the AntiVirus & IPS Updates section.
  3. Enable Scheduled Updates.
  4. Configure the update schedule.

  5. Click Apply.
To configure scheduled updates in the CLI:
config system autoupdate schedule
    set status enable
    set frequency {every | daily | weekly}
    set time <hh:mm>
    set day <day_of_week>
end

Push updates

Push updates enable you to get immediate updates when new viruses or intrusions are discovered and new signatures are created. This ensures that the latest signature are sent to the FortiGate as soon as possible.

When a push notification occurs, the FortiGuard server sends a notice to the FortiGate that a new signature definition file available. The FortiGate then initiates a download of the definition file. For maximum security, both scheduled and push updates should be enabled.

To enable push updates - GUI:
  1. Go to System > FortiGuard
  2. Scroll down to the AntiVirus & IPS Updates section.
  3. Enable Accept push updates.
  4. Click Apply.
To enable push updates in the CLI:
config system autoupdate push-update
    set status enable
    set override {enable | disable}
    set address <vip_address>
end

Override push

If the FortiGate is behind a NAT device (or another FortiGate), or if your organization provides updates using their own FortiGuard server, an override server must be used to ensure that the FortiGate receives push update notifications. The FDS will connect to the NAT device when attempting to reach the FortiGate, and the NAT device must be configured to forward FDS traffic to the FortiGate on UDP port 9443.

Push updates must be enabled to configure a push update override.

For example, if the NAT device is another FortiGate:

  1. On the FortiGate NAT device, add a port forwarding virtual IP address in Policy & Objects > Virtual IPs. See for details.
  2. On the FortiGate NAT device, add a security policy that connects to the internet and includes the port forwarding VIP.
  3. On the internal FortiGate device, configure Push update override.
To configure push update override in the GUI:
  1. Go to System > FortiGuard
  2. Scroll down to the AntiVirus & IPS Updates section.
  3. Enable Accept push updates.
  4. Enable Use override push.
  5. Enter the IP address and port number configured on the NAT device.
  6. Click Apply.
To configure push update override in the CLI:
config system autoupdate push-update
    set status enable
    set override {enable | disable}
    set address <vip_address>
end

Automatic updates

Automatic updates

The FortiGate can be configured to request updates from FDN on a schedule, or via push notification.

Scheduled updates

Scheduling updates ensures that the virus and IPS definitions are downloaded to your FortiGate on a regular basis.

Updating definitions can cause a brief disruption in traffic that is currently being scanned while the FortiGate unit applies the new signature database. Updates should be scheduled during off-peak hours when network usage is at a minimum to ensure that network activity will not be affected by downloading the definitions files.

Note

A schedule of once a week means any urgent updates will not be pushed until the scheduled time. If an urgent update is required, click the Update AV & IPS Definitions button to manually update the definitions.

To configure scheduled updates in the GUI:
  1. Go to System > FortiGuard
  2. Scroll down to the AntiVirus & IPS Updates section.
  3. Enable Scheduled Updates.
  4. Configure the update schedule.

  5. Click Apply.
To configure scheduled updates in the CLI:
config system autoupdate schedule
    set status enable
    set frequency {every | daily | weekly}
    set time <hh:mm>
    set day <day_of_week>
end

Push updates

Push updates enable you to get immediate updates when new viruses or intrusions are discovered and new signatures are created. This ensures that the latest signature are sent to the FortiGate as soon as possible.

When a push notification occurs, the FortiGuard server sends a notice to the FortiGate that a new signature definition file available. The FortiGate then initiates a download of the definition file. For maximum security, both scheduled and push updates should be enabled.

To enable push updates - GUI:
  1. Go to System > FortiGuard
  2. Scroll down to the AntiVirus & IPS Updates section.
  3. Enable Accept push updates.
  4. Click Apply.
To enable push updates in the CLI:
config system autoupdate push-update
    set status enable
    set override {enable | disable}
    set address <vip_address>
end

Override push

If the FortiGate is behind a NAT device (or another FortiGate), or if your organization provides updates using their own FortiGuard server, an override server must be used to ensure that the FortiGate receives push update notifications. The FDS will connect to the NAT device when attempting to reach the FortiGate, and the NAT device must be configured to forward FDS traffic to the FortiGate on UDP port 9443.

Push updates must be enabled to configure a push update override.

For example, if the NAT device is another FortiGate:

  1. On the FortiGate NAT device, add a port forwarding virtual IP address in Policy & Objects > Virtual IPs. See for details.
  2. On the FortiGate NAT device, add a security policy that connects to the internet and includes the port forwarding VIP.
  3. On the internal FortiGate device, configure Push update override.
To configure push update override in the GUI:
  1. Go to System > FortiGuard
  2. Scroll down to the AntiVirus & IPS Updates section.
  3. Enable Accept push updates.
  4. Enable Use override push.
  5. Enter the IP address and port number configured on the NAT device.
  6. Click Apply.
To configure push update override in the CLI:
config system autoupdate push-update
    set status enable
    set override {enable | disable}
    set address <vip_address>
end