System Maintenance
Configuring FortiGuard Services
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
265
•
The FortiGate unit must be able to connect to the FDN using HTTPS on port 443 to
receive scheduled updates. For more information, see
“To enable scheduled updates” on
You can also configure the FortiGate unit to receive push updates. When the FortiGate
unit is receiving push updates, the FDN must be able to route packets to the FortiGate unit
using UDP port 9443. For more information, see
“Enabling push updates” on page 273
. If
the FortiGate unit is behind a NAT device, see
“Enabling push updates through a NAT
FortiGuard services
Worldwide coverage of FortiGuard services is provided by FortiGuard service points.
When the FortiGate unit is connecting to the FDN, it is connecting to the closest
FortiGuard service point. Fortinet adds new service points as required.
If the closest service point becomes unreachable for any reason, the FortiGate unit
contacts another service point and information is available within seconds. By default, the
FortiGate unit communicates with the service point via UDP on port 53. Alternately, you
can switch the UDP port used for service point communication to port 8888 by going to
System > Maintenance > FortiGuard
.
If you need to change the default FortiGuard service point host name, use the
hostname
keyword in the
system fortiguard
CLI command. You cannot change the FortiGuard
service point name using the web-based manager.
For more information about FortiGuard services, see the
web page.
FortiGuard Antispam service
FortiGuard Antispam is an antispam system from Fortinet that includes an IP address
black list, a URL black list, spam filtering tools, contained in an antispam rule set that is
downloaded to the FortiGate unit. The IP address black list contains IP addresses of email
servers known to generate spam. The URL black list contains URLs that are found in
spam email.
FortiGuard Antispam processes are completely automated and configured by Fortinet.
With constant monitoring and dynamic updates, FortiGuard Antispam is always current.
You can either enable or disable FortiGuard Antispam in the Firewall menu in a protection
profile. For more information, see
“Spam Filtering options” on page 416
Every FortiGate unit comes with a free 30-day FortiGuard Antispam trial license.
FortiGuard Antispam license management is performed by Fortinet servers; there is no
need to enter a license number. The FortiGate unit automatically contacts a FortiGuard
Antispam service point when enabling FortiGuard Antispam. Contact Fortinet Technical
support to renew the FortiGuard Antispam license after the free trial expires.
You can globally enable FortiGuard Antispam in
System > Maintenance > FortiGuard
and
then configure Spam Filtering options in each firewall protection profile in
Firewall >
Protection Profile
. For more information, see
“Spam Filtering options” on page 416
FortiGuard Web Filtering service
FortiGuard Web Filtering is a managed web filtering solution provided by Fortinet.
FortiGuard Web Filtering sorts hundreds of millions of web pages into a wide range of
categories users can allow, block, or monitor. The FortiGate unit accesses the nearest
FortiGuard Web Filtering service point to determine the category of a requested web
page, then follows the firewall policy configured for that user or interface.
Содержание Gate 60D
Страница 678: ...Reports Log Report FortiGate Version 4 0 Administration Guide 678 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 704: ...Index FortiGate Version 4 0 Administration Guide 704 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 705: ...www fortinet com...
Страница 706: ...www fortinet com...