Administration Guide

FortiGuard

The FortiGuard Distribution Network page provides information and configuration settings for FortiGuard subscription services. For more information about FortiGuard services, see FortiGuard Labs.

To view and configure FortiGuard connections, go to System > FortiGuard.

Configure the following settings and select Apply:

FortiCare Support

The availability or status of your unit’s support contract. The status can be Unreachable, Not Registered, or Valid Contract. Select Launch Portal to log in to FortiCloud.

You can update your registration status by selecting Register and loading the license file from a location on your management computer.

Application Control Signatures

Application Control is a free FortiGuard service. Application Control allows you to identify and control applications on networks and endpoints regardless of port, protocol, and IP address used. It gives you unmatched visibility and control over application traffic, even traffic from unknown applications and sources. Although the Application Control profile can be used for free, signature database updates require a valid FortiGuard subscription. To update the database of Application Control signatures, select Upgrade Database.

IPS

The FortiGuard Intrusion Prevention System (IPS) uses a customizable database of more than 4000 known threats to stop attacks that evade conventional firewall defenses. It also provides behavior-based heuristics, enabling the system to recognize threats when no signature has yet been developed. It also provides more than 1000 application identity signatures for complete Application Control. To update the IPS database, select Upgrade Database.

AntiVirus

The FortiGuard AntiVirus Service provides fully automated updates to ensure protection against the latest content level threats. It employs advanced virus, spyware, and heuristic detection engines to prevent both new and evolving threats from gaining access to your network and protects against vulnerabilities. To update the antivirus database, select Upgrade Database.

Industrial DB

The FortiGuard Industrial Security Service provides in-line protection and proactive filtering of malicious and unauthorized network traffic; it enforces security policies tailored to industrial environments, protocols, and equipment. To update the industrial database, select Upgrade Database.

Web Filtering

Web Filtering provides Web URL filtering to block access to harmful, inappropriate, and dangerous web sites that may contain phishing/pharming attacks, malware such as spyware, or objectionable content that can expose your organization to legal liability. Based on automatic research tools and targeted research analysis, real-time updates enable you to apply highly-granular policies that filter web access based on 78 web content categories, over 45 million rated web sites, and more than two billion web pages—all continuously updated.

Virtual Machine

To upload or check your virtual machine license, select FortiProxy VM License.

Content Analysis

FortiGuard Content Analysis Service is a licensed feature for the real-time analysis of images to detect adult content. Detection of adult content in images uses various patented techniques (not just color-based), including limb and body part detection, body position, and so on. When adult content is detected, such content can be optionally blocked or reported.

Antivirus & IPS Updates

Accept push updates

Enable to allow updates to be sent automatically to your FortiProxy. New definitions are added as soon as they are released by FortiGuard. If a specific override push IP address is required, select Use override push IP and enter an IP address and port number in the required fields.

Use override push

This option is available only when Accept push updates is enabled.

Enable to configure an override server if you cannot connect to the FDN or if your organization provides updates using their own FortiGuard server.

Enter the IP address and port of the NAT device in front of your FortiProxy. FDN connects to this device when attempting to reach the FortiProxy. The NAT device must be configured to forward the FDN traffic to the FortiProxy unit on UDP port 9443.

Scheduled Updates

Enable to receive scheduled updates and then select when the updates occur: Every 1-23 hours, Daily at a specific hour, or Weekly on a specific day at a specific hour.

Improve IPS quality

Enable to help Fortinet maintain and improve IPS signatures. Information is sent to the FortiGuard servers when an attack occurs and can be used to keep the database current as variants of attacks evolve.

Use extended IPS signature package

Some models have access to an extended IPS database.

Update AV & IPS Definitions

Select to manually initiate an FDN update.

Update Server Location

US only/Lowest latency locations

Select whether to access only FortiGuard servers within the United States or the FortiGuard servers with the lowest latency.

Filtering

Web Filter Cache

Enable the web filter cache.

Enter the number of minutes the FortiProxy unit stores blocked IP addresses or URLs locally, saving time and network access traffic by not checking the FortiGuard server. After the specified time, the FortiProxy unit contacts the FDN server to verify a web address.

Clear Web Filter Cache

Select to manually delete the contents of the web filter cache.

FortiGuard Filtering Protocol

Select the protocol to use to contact the FortiGuard servers, either HTTPS or UDP.

FortiGuard Filtering Port

Select the port assignments for contacting the FortiGuard servers, either the default port (53) or the alternate port (8888).

Filtering Services Availability

Indicates the status of the filtering service. If the filtering service is not available, select Check Again and then click OK in the confirmation dialog box. A warning is displayed if the FortiProxy unit does not have a valid license.

Request re-evaluation of a URL's category

Select to re-evaluate a URL’s category rating using the Fortinet Live URL Rating Support (opens in a new browser window).

Override FortiGuard Servers

By default, the FortiProxy unit updates signature packages and queries rating servers using public FortiGuard servers. You can override this list of servers. You can also disable communication with public FortiGuard servers.

Create New

Select to display the Create New Override FortiGuard Server page.

Edit

Select a server in the list and click Edit to display the Edit Override FortiGuard Server page.

Delete

Select a server in the list and select Delete to remove one of the servers in the list.

To remove multiple servers, select multiple rows in the list by holding down the Ctrl or Shift keys and then select Delete.

Setting automatic updates for FortiGuard packages

The default auto-update schedule for FortiGuard packages has been updated. Previously, the frequency was a recurring random interval within two hours. You can now select an update frequency of automatic, in which case the update interval is calculated based on the model and percentage of valid subscriptions. The update interval is within one hour.

config system autoupdate schedule
    set frequency {every | daily | weekly | automatic}
end

FortiGuard Outbreak Prevention

FortiGuard Virus Outbreak Protection Service (VOS) allows the FortiProxy antivirus database to be supplemented with third-party malware hash signatures curated by FortiGuard. The hash signatures are obtained from FortiGuard's Global Threat Intelligence database. The antivirus database queries FortiGuard with the hash of a scanned file. If FortiGuard returns a match, the scanned file is deemed to be malicious. Enabling the AV engine scan is not required to use this feature.

NOTE: The FortiProxy unit must be registered with a valid FortiGuard outbreak prevention license.

To verify FortiGuard antivirus license information:

Go to System > FortiGuard and locate the Outbreak Prevention section in the License Information table.

To enable FortiGuard outbreak prevention:
  1. Go to Security Profiles > AntiVirus.

  2. Edit an antivirus profile or create a new one.

  3. Under Outbreak Protection, enable Block or Monitor for each protocol.

  4. Click OK.

Antiphish pattern database

To update the antiphish pattern database:
  1. Go to System > FortiGuard and in the right-side pane, click Update Licenses & Definitions Now.

  2. Enter the following in the CLI:

    # diagnose autoupdate versions
    ...
    AntiPhish Pattern DB
    ---------
    Version: 0.00000
    Contract Expiry Date: n/a
    Last Updated using manual update on Tue Nov 30 00:00:00 1999
    Last Update Attempt: Wed Sep 29 14:00:11 2021
    Result: No Updates
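
A check an administrator could run on saved output of `diagnose autoupdate versions` (an added example, not Fortinet code): it parses each database section and flags those with an all-zero version or no update within a chosen window. The 7-day window, the function names and the second sample section are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

TS = "%a %b %d %H:%M:%S %Y"  # timestamp layout seen in the output above

# Constructed sample: the first section copies the output shown above,
# the second ("Example Signature DB") is invented for contrast.
SAMPLE = """\
AntiPhish Pattern DB
---------
Version: 0.00000
Contract Expiry Date: n/a
Last Updated using manual update on Tue Nov 30 00:00:00 1999
Last Update Attempt: Wed Sep 29 14:00:11 2021
Result: No Updates

Example Signature DB
---------
Version: 1.00234
Contract Expiry Date: n/a
Last Updated using manual update on Tue Sep 28 09:15:00 2021
Last Update Attempt: Wed Sep 29 14:00:11 2021
Result: No Updates
"""

def parse_versions(text):
    """Return {database name: {field: value}} from the CLI output."""
    dbs, cur, prev = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if prev and re.fullmatch(r"-{3,}", line):
            cur = dbs.setdefault(prev, {})  # title is the line above the dashes
        elif cur is not None:
            m = re.match(r"Last Updated using (.+?) on (.+)", line)
            if m:
                cur["method"] = m.group(1)
                cur["last_updated"] = datetime.strptime(m.group(2), TS)
            elif ":" in line:
                key, val = line.split(":", 1)
                cur[key.strip()] = val.strip()
        prev = line
    return dbs

def stale(dbs, now, max_age=timedelta(days=7)):
    """Return {name: [reasons]} for databases that look empty or out of date."""
    report = {}
    for name, f in dbs.items():
        why = []
        if re.fullmatch(r"0+(\.0+)?", f.get("Version", "0")):
            why.append("version is all zeros (never populated)")
        updated = f.get("last_updated")
        if updated is None or now - updated > max_age:
            why.append("no update within %d days" % max_age.days)
        if why:
            report[name] = why
    return report

if __name__ == "__main__":
    for name, why in stale(parse_versions(SAMPLE), datetime(2021, 9, 30)).items():
        print(name, "->", "; ".join(why))
```

Pass the current time as `now` when running it against live output; the fixed date in the sample run only keeps the result reproducible.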
