Fortinet 100 user manual Scheduled updates through a proxy server

Models: 100


Virus and attack definitions updates and registration

 

 

5. Set Port to the External Service Port added to the virtual IP. For the example topology, enter 45001.

6. Select Apply.

The FortiGate unit sends the override push IP address and Port to the FDN. The FDN will now use this IP address and port for push updates to the FortiGate unit on the internal network.

If the External IP Address or External Service Port change, add the changes to the Use override push configuration and select Apply to update the push information on the FDN.

Figure 4: Example push update configuration

7. Select Apply.

8. You can select Refresh to make sure that push updates work. Push Update should change to Available.

Scheduled updates through a proxy server

If your FortiGate unit must connect to the Internet through a proxy server, you can use the set system autoupdate tunneling command to allow the FortiGate unit to connect (or tunnel) to the FDN using the proxy server. Using the command you can specify the IP address and port of the proxy server. As well, if the proxy server requires authentication, you can add the user name and password required for the proxy server to the autoupdate configuration. The full syntax for enabling updates through a proxy server is:

set system autoupdate tunneling enable [address <proxy-address_ip> [port <proxy-port> [username <username_str> [password <password_str>]]]]

For example, if the IP address of the proxy server is 64.23.6.89 and its port is 8080, enter the following command:

set system autoupdate tunneling enable address 64.23.6.89 port 8080

For more information about the set system autoupdate command, see Volume 6, FortiGate CLI Reference Guide.

The FortiGate unit connects to the proxy server using the HTTP CONNECT method, as described in RFC 2616. The FortiGate unit sends an HTTP CONNECT request to the proxy server (optionally with authentication information) specifying the IP address and port required to connect to the FDN. The proxy server establishes the connection to the FDN and passes information between the FortiGate unit and the FDN.

The CONNECT method is used mostly for tunneling SSL traffic. Some proxy servers won't allow the CONNECT to connect to just any port; they restrict the allowed ports to the well known ports for HTTPS and perhaps some other similar services. Because FortiGate autoupdates use HTTPS on port 8890 to connect to the FDN, your proxy server may have to be configured to allow connections on this port.
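The following added example (not part of the Fortinet manual and not FortiGate code) builds the kind of CONNECT request described above and interprets the proxy's reply, so you can check from an internal host whether your proxy permits tunnels to port 8890. The function names, the FDN address 192.0.2.10 (a documentation placeholder) and the use of Basic proxy authentication are assumptions.

```python
import base64
import socket

def build_connect(fdn_host, fdn_port=8890, username=None, password=None):
    """Return the bytes of an HTTP CONNECT request for fdn_host:fdn_port."""
    target = f"{fdn_host}:{fdn_port}"
    lines = [f"CONNECT {target} HTTP/1.1", f"Host: {target}"]
    if username is not None:
        # Assumption: the proxy uses Basic authentication. Basic credentials are
        # only base64-encoded, so they are readable on the hop to the proxy.
        token = base64.b64encode(f"{username}:{password or ''}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def classify_reply(raw):
    """Map the first line of the proxy's reply to a tunnel verdict."""
    status_line = raw.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "malformed reply"
    code = int(parts[1])
    if 200 <= code < 300:
        return "tunnel established"
    if code == 407:
        return "proxy authentication required"
    if code == 403:
        # Typical answer when the target port is not in the proxy's CONNECT allow list.
        return "CONNECT refused (check the proxy's allowed ports)"
    return f"CONNECT failed with status {code}"

def probe(proxy_host, proxy_port, fdn_host, fdn_port=8890, **auth):
    """Send the CONNECT to a live proxy and return the verdict (needs network access)."""
    with socket.create_connection((proxy_host, proxy_port), timeout=10) as s:
        s.sendall(build_connect(fdn_host, fdn_port, **auth))
        return classify_reply(s.recv(4096))

if __name__ == "__main__":
    # Constructed sample replies, so the script runs offline.
    for reply in (b"HTTP/1.1 200 Connection established\r\n\r\n",
                  b"HTTP/1.1 403 Forbidden\r\n\r\n"):
        print(classify_reply(reply))
```

To test the proxy from the manual's example, call probe("64.23.6.89", 8080, "192.0.2.10") with the placeholder replaced by the FDN address your unit actually uses.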


Fortinet Inc.
