Fortinet white logo
Fortinet white logo

Administration Guide

Configure a FortiManager without Internet connectivity to access a local FortiManager as FDS

Configure a FortiManager without Internet connectivity to access a local FortiManager as FDS

By default, FortiManager connects to the public FDN to download security feature updates, including databases and engines for security feature updates such as Antivirus and IPS. Your FortiManager can be configured to use a second, local FortiManager for FDS updates.

To use a second FortiManager as the FDS in cascade mode:
  1. Configure the upstream FortiManager that is connected to FDS.

    1. On the upstream FortiManager, enable FortiGate Updates, FortiClient Updates, and Webfilter-Antispam service access on the interface where the downstream FortiManager(s) will connect. For example, in the FortiManager CLI you can enter the following commands:
      edit "port1"
      	set ip x.x.x.x 255.255.254.0
      	set allowaccess ping https ssh snmp http webservice
      	set serviceaccess fgtupdates fclupdates webfilter-antispam
      	set type physical
      next
    Note

    In a closed network environment, the upstream FortiManager can be configured to operate as the local FDS by manually downloading package updates and licenses. See Operating as an FDS in a closed network.

  2. Configure the downstream FortiManager.

    1. On the second FortiManager, go to FortiGuard > Settings.

    2. Ensure that Communication with FortiGuard Server is set to Global Servers.

    3. Under FortiGuard Antivirus and IPS Settings:

      1. Turn on Use Override Server Address for FortiGate/FortiMail and enter the IP address of the FortiManager unit being used as the FDS, and port number 8890.

      2. If required, turn on Use Override Server Address for FortiClient and enter the IP address of the FortiManager unit being used as the FDS, and port number 8891.

    4. Under FortiGuard Web Filter and Email Filter Settings:

      1. Turn on Use Override Server Address for FortiGate/FortiMail and enter the IP address of the FortiManager unit being used as the FDS, and port number 8900.

      2. If required, turn on Use Override Server Address for FortiClient and enter the IP address of the FortiManager unit being used as the FDS, and port number 8901.

    5. Click Apply.

      The FortiManager will use the second FortiManager unit as the FDS.

Configure a FortiManager without Internet connectivity to access a local FortiManager as FDS

Configure a FortiManager without Internet connectivity to access a local FortiManager as FDS

By default, FortiManager connects to the public FDN to download security feature updates, including databases and engines for security feature updates such as Antivirus and IPS. Your FortiManager can be configured to use a second, local FortiManager for FDS updates.

To use a second FortiManager as the FDS in cascade mode:
  1. Configure the upstream FortiManager that is connected to FDS.

    1. On the upstream FortiManager, enable FortiGate Updates, FortiClient Updates, and Webfilter-Antispam service access on the interface where the downstream FortiManager(s) will connect. For example, in the FortiManager CLI you can enter the following commands:
      edit "port1"
      	set ip x.x.x.x 255.255.254.0
      	set allowaccess ping https ssh snmp http webservice
      	set serviceaccess fgtupdates fclupdates webfilter-antispam
      	set type physical
      next
    Note

    In a closed network environment, the upstream FortiManager can be configured to operate as the local FDS by manually downloading package updates and licenses. See Operating as an FDS in a closed network.

  2. Configure the downstream FortiManager.

    1. On the second FortiManager, go to FortiGuard > Settings.

    2. Ensure that Communication with FortiGuard Server is set to Global Servers.

    3. Under FortiGuard Antivirus and IPS Settings:

      1. Turn on Use Override Server Address for FortiGate/FortiMail and enter the IP address of the FortiManager unit being used as the FDS, and port number 8890.

      2. If required, turn on Use Override Server Address for FortiClient and enter the IP address of the FortiManager unit being used as the FDS, and port number 8891.

    4. Under FortiGuard Web Filter and Email Filter Settings:

      1. Turn on Use Override Server Address for FortiGate/FortiMail and enter the IP address of the FortiManager unit being used as the FDS, and port number 8900.

      2. If required, turn on Use Override Server Address for FortiClient and enter the IP address of the FortiManager unit being used as the FDS, and port number 8901.

    5. Click Apply.

      The FortiManager will use the second FortiManager unit as the FDS.