Enabling push updates
System Maintenance
FortiGate Version 4.0 Administration Guide
274
01-400-89802-20090424
If you have redundant connections to the Internet, the FortiGate unit also sends the
SETUP message when one Internet connection goes down and the FortiGate unit fails
over to another Internet connection.
In transparent mode, if you change the management IP address, the FortiGate unit also
sends the SETUP message to notify the FDN of the address change.
Enabling push updates through a NAT device
If the FDN can connect to the FortiGate unit only through a NAT device, you must configure
port forwarding on the NAT device and add the port forwarding information to the push
update configuration. Port forwarding enables the FDN to connect to the FortiGate unit
using UDP on either port 9443 or an override push port that you specify.
If the external IP address of the NAT device is dynamic (PPPoE or DHCP), the FortiGate
unit is unable to receive push updates through a NAT device.
The following procedures configure the FortiGate unit to receive push updates through a NAT
device. These procedures also include adding a port forwarding virtual IP and a firewall
policy to the NAT device.
Figure 161: Example network: Push updates through a NAT device
The overall process is:
1. Register the FortiGate unit on the internal network so that it has a current support
   license and can receive push updates. For more information, see
2. Configure the following FortiGuard options on the FortiGate unit on the internal
   network.
   • Enable Allow push updates.
   • Enable Use override push IP and enter the IP address. Usually this is the IP
     address of the external interface of the NAT device.
   • If required, change the override push update port.
3. Add a port forwarding virtual IP to the NAT device.
   • Set the external IP address of the virtual IP to match the override push update IP.
     Usually this is the IP address of the external interface of the NAT device.
4. Add a firewall policy to the FortiGate NAT device that includes the port forwarding
   virtual IP.
[Figure 161 labels: Internal network; NAT Device; Internet; FDN Server; 172.16.35.144 (external interface); Virtual IP; 10.20.6.135 (external interface)]
Note: Push updates are not supported if the FortiGate unit must use a proxy server to
connect to the FDN. See
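The constraints in this section (UDP forwarding on the push port, a static external address, the virtual IP matching the override push IP, a policy that includes the virtual IP, no proxy) can be checked before relying on push updates. The following is an added example, not code from the guide or from Fortinet. The `PushSetup` field names, the finding codes, the sample addresses and the check that the virtual IP forwards to the internal unit are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

DEFAULT_PUSH_PORT = 9443  # default UDP push port named in this section

@dataclass
class PushSetup:
    """Hypothetical summary of both devices; field names are not FortiOS keys."""
    allow_push: bool          # "Allow push updates" on the internal unit
    override_push_ip: str     # value entered for "Use override push IP"
    override_push_port: int   # 9443 unless an override push port is set
    uses_proxy: bool          # internal unit reaches the FDN through a proxy
    nat_addressing: str       # NAT device external side: static, dhcp or pppoe
    vip_external_ip: str      # external IP of the port forwarding virtual IP
    vip_protocol: str         # protocol the virtual IP forwards
    vip_external_port: int    # port the virtual IP listens on
    vip_mapped_ip: str        # address the virtual IP forwards to
    fortigate_ip: str         # address of the internal FortiGate unit
    vip_in_policy: bool       # a firewall policy includes the virtual IP

def same_ip(a: str, b: str) -> bool:
    return ipaddress.ip_address(a) == ipaddress.ip_address(b)

def check_push_setup(s: PushSetup) -> list[str]:
    """Return finding codes; an empty list means the setup is consistent."""
    findings = []
    if not s.allow_push:
        findings.append("push-disabled")
    if s.uses_proxy:
        findings.append("proxy-unsupported")
    if s.nat_addressing.lower() in ("dhcp", "pppoe"):
        findings.append("dynamic-external-ip")
    if not same_ip(s.override_push_ip, s.vip_external_ip):
        findings.append("override-ip-mismatch")
    if s.vip_protocol.lower() != "udp":
        findings.append("not-udp")
    if s.vip_external_port != s.override_push_port:
        findings.append("port-mismatch")
    if not same_ip(s.vip_mapped_ip, s.fortigate_ip):
        findings.append("wrong-forward-target")
    if not s.vip_in_policy:
        findings.append("vip-not-in-policy")
    return findings

# Constructed sample values (RFC 5737 / RFC 1918 addresses, not from the guide).
GOOD = PushSetup(True, "203.0.113.10", DEFAULT_PUSH_PORT, False, "static",
                 "203.0.113.10", "udp", DEFAULT_PUSH_PORT, "192.168.1.99",
                 "192.168.1.99", True)
BAD = replace(GOOD, nat_addressing="pppoe", vip_protocol="tcp",
              vip_external_port=8443)
```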