System Maintenance
Enabling push updates
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
273
•
4
Select
Apply
.
The FortiGate unit tests the connection to the override server.
If the FortiGuard Distribution Network availability icon changes from gray to green, the
FortiGate unit has successfully connected to the override server.
If the FortiGuard Distribution Network availability icon stays gray, the FortiGate unit
cannot connect to the override server. Check the FortiGate configuration and network
configuration for settings that may prevent the FortiGate unit from connecting to the
override FortiGuard server.
To enable scheduled updates through a proxy server
If your FortiGate unit must connect to the Internet through a proxy server, you can use the
config system autoupdate tunneling
command syntax to allow the FortiGate unit
to connect (or tunnel) to the FDN using the proxy server. For more information, see the
.
Enabling push updates
The FDN can push updates to FortiGate units to provide the fastest possible response to
critical situations. You must register the FortiGate unit before it can receive push updates.
Register your FortiGate unit by going to the Fortinet Support web site,
and following the instructions.
When you configure a FortiGate unit to allow push updates, the FortiGate unit sends a
SETUP message to the FDN. The next time new antivirus or IPS attack definitions are
released, the FDN notifies all FortiGate units that are configured for push updates, that a
new update is available. Within 60 seconds of receiving a push notification, the FortiGate
unit requests the update from the FDN.
When the network configuration permits, configuring push updates is recommended in
addition to scheduled updates. Scheduled updates ensure that the FortiGate unit receives
current updates, but if push updates are also enabled, the FortiGate unit will usually
receive new updates sooner.
Fortinet does not recommend enabling push updates as the only method for obtaining
updates. The FortiGate unit might not receive the push notification. When the FortiGate
unit receives a push notification, it makes only one attempt to connect to the FDN and
download updates.
Enabling push updates when a FortiGate unit IP address changes
The SETUP message that the FortiGate unit sends when you enable push updates
includes the IP address of the FortiGate interface that the FDN connects to. The interface
used for push updates is the interface configured in the default route of the static routing
table.
The FortiGate unit sends the SETUP message if you:
•
change the IP address of this interface manually
•
have set the interface addressing mode to DHCP or PPPoE and your DHCP or PPPoE
server changes the IP address.
The FDN must be able to connect to this IP address so that your FortiGate unit can
receive push update messages. If your FortiGate unit is behind a NAT device, see
“Enabling push updates through a NAT device” on page 274
.
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...