Fortinet white logo
Fortinet white logo

Administration Guide

Operating as an FDS in a closed network

Operating as an FDS in a closed network

The FortiManager can be operated as a local FDS server when it is in a closed network with no internet connectivity.

Without a connection to a FortiGuard server, update packages and licenses must be manually downloaded from support, and then uploaded to the FortiManager.

As databases can be large, we recommend uploading them using the CLI. See Uploading packages with the CLI.

Go to FortiGuard > Settings to configure FortiManager as a local FDS server and to upload update packages and license.

Enable Communication with FortiGuard Servers

Toggle OFF to disable communication with the FortiGuard servers.

Enable Antivirus and IPS Service

Toggle ON to enable antivirus and intrusion protection service.

When on, select what versions of FortiGate, FortiClient, FortiAnalyzer, and FortiMail to download updates for.

Enable Web Filter Services

Toggle ON to enable web filter services. When uploaded to FortiManager, the Web Filter database is displayed.

Enable Email Filter Services

Toggle ON to enable email filter services. When uploaded to FortiManager, the Email Filter database is displayed.

Upload Options for FortiGate/FortiMail

AntiVirus/IPS Packages

Select to upload antivirus and IPS packages. Browse for the file you downloaded from the Customer Service & Support portal on your management computer, or drag and drop the file onto the dialog box.

Click OK to upload the package to FortiManager.

Web Filter Database

Select to upload the web filter database. Browse for the file you downloaded from the Customer Service & Support portal on your management computer, or drag and drop the file onto the dialog box.

Click OK to upload the package to FortiManager.

As the database can be large, uploading with the CLI is recommended. See Uploading packages with the CLI.

Email Filter Database

Select to upload the email filter database. Browse for the file you downloaded from the Customer Service & Support portal on your management computer.

Click OK to upload the package to FortiManager.

As the database can be large, uploading with the CLI is recommended. See Uploading packages with the CLI.

Service License

Select to import the FortiGate license. Browse for the file on your management computer, or drag and drop the file onto the dialog box.

Click OK to upload the package to FortiManager.

A license file can be obtained from support by requesting your account entitlement for the device.

Upload Options for FortiClient

AntiVirus/IPS Packages

Select to upload the FortiClient AntiVirus/IPS packages. Browse for the file you downloaded from the Customer Service & Support portal on your management computer, or drag and drop the file onto the dialog box.

Click OK to upload the package to FortiManager.

Uploading packages with the CLI

Packages and licenses can be uploaded using the CLI. This should be used when the packages being uploaded are large, like database packages.

To upload packages and license files using the CLI:
  1. If not already done, disable communications with the FortiGuard server and enable a closed network with the following CLI commands:

    config fmupdate publicnetwork

    set status disable

    end

  2. Upload an update package or license:
    1. Load the package or license file to an FTP, SCP, or TFTP server
    2. Run the following CLI command:

      execute fmupdate {ftp | scp | tftp} import <av-ips | fct-av | url | spam | file-query | license-fgt | license-fct | custom-url | domp> <remote_file> <ip> <port> <remote_path> <user> <password>

Operating as an FDS in a closed network

Operating as an FDS in a closed network

The FortiManager can be operated as a local FDS server when it is in a closed network with no internet connectivity.

Without a connection to a FortiGuard server, update packages and licenses must be manually downloaded from support, and then uploaded to the FortiManager.

As databases can be large, we recommend uploading them using the CLI. See Uploading packages with the CLI.

Go to FortiGuard > Settings to configure FortiManager as a local FDS server and to upload update packages and license.

Enable Communication with FortiGuard Servers

Toggle OFF to disable communication with the FortiGuard servers.

Enable Antivirus and IPS Service

Toggle ON to enable antivirus and intrusion protection service.

When on, select what versions of FortiGate, FortiClient, FortiAnalyzer, and FortiMail to download updates for.

Enable Web Filter Services

Toggle ON to enable web filter services. When uploaded to FortiManager, the Web Filter database is displayed.

Enable Email Filter Services

Toggle ON to enable email filter services. When uploaded to FortiManager, the Email Filter database is displayed.

Upload Options for FortiGate/FortiMail

AntiVirus/IPS Packages

Select to upload antivirus and IPS packages. Browse for the file you downloaded from the Customer Service & Support portal on your management computer, or drag and drop the file onto the dialog box.

Click OK to upload the package to FortiManager.

Web Filter Database

Select to upload the web filter database. Browse for the file you downloaded from the Customer Service & Support portal on your management computer, or drag and drop the file onto the dialog box.

Click OK to upload the package to FortiManager.

As the database can be large, uploading with the CLI is recommended. See Uploading packages with the CLI.

Email Filter Database

Select to upload the email filter database. Browse for the file you downloaded from the Customer Service & Support portal on your management computer.

Click OK to upload the package to FortiManager.

As the database can be large, uploading with the CLI is recommended. See Uploading packages with the CLI.

Service License

Select to import the FortiGate license. Browse for the file on your management computer, or drag and drop the file onto the dialog box.

Click OK to upload the package to FortiManager.

A license file can be obtained from support by requesting your account entitlement for the device.

Upload Options for FortiClient

AntiVirus/IPS Packages

Select to upload the FortiClient AntiVirus/IPS packages. Browse for the file you downloaded from the Customer Service & Support portal on your management computer, or drag and drop the file onto the dialog box.

Click OK to upload the package to FortiManager.

Uploading packages with the CLI

Packages and licenses can be uploaded using the CLI. This should be used when the packages being uploaded are large, like database packages.

To upload packages and license files using the CLI:
  1. If not already done, disable communications with the FortiGuard server and enable a closed network with the following CLI commands:

    config fmupdate publicnetwork

    set status disable

    end

  2. Upload an update package or license:
    1. Load the package or license file to an FTP, SCP, or TFTP server
    2. Run the following CLI command:

      execute fmupdate {ftp | scp | tftp} import <av-ips | fct-av | url | spam | file-query | license-fgt | license-fct | custom-url | domp> <remote_file> <ip> <port> <remote_path> <user> <password>