Push updates through a NAT device

Virus and attack definitions updates and registration

 

 

To enable push updates

1Go to System > Update.

2Select Allow Push Update.

3Select Apply.

About push updates

When you configure a FortiGate unit to allow push updates, the FortiGate unit sends a SETUP message to the FDN. The next time a new antivirus engine, new antivirus definitions, or new attack definitions are released, the FDN notifies all FortiGate units configured for push updates that a new update is available. Within 60 seconds of receiving a push notification, the FortiGate unit attempts to request an update from the FDN.

If available for your network configuration, configuring push updates is recommended in addition to configuring scheduled updates. Push updates mean that on average the FortiGate unit receives new updates sooner than if the FortiGate just receives scheduled updates. However, scheduled updates make sure that the FortiGate unit does eventually receives the latest updates.

Enabling push updates is not recommended as the only method for obtaining updates. The push notification may not be received by the FortiGate unit. Also, when the FortiGate unit receives a push notification it will only make one attempt to connect to the FDN and download updates.

Push updates and external dynamic IP addresses

If the external interface of the FortiGate unit is configured with a dynamic IP address (using PPPoE or DHCP), whenever the IP address of the external interface changes, a SETUP message is sent to the FDN to notify it of the change. As long as this SETUP message is sent, the FDN will have the most up-to-date IP address and the next push notification is sent to this IP address.

Push updates through a NAT device

If the FDN can only connect to the FortiGate unit through a NAT device, you must configure port forwarding on the NAT device and add the port forwarding information to the push update configuration. Using port forwarding, the FDN connects to the FortiGate unit using either port 9443 or an override push port that you assign.

Note: You cannot receive push updates through a NAT device if the external IP address of the

NAT device is dynamic (for example, set using PPPoE or DHCP).

96

Fortinet Inc.

Page 95 Page 97
Page 96
Image 96
Fortinet 100 user manual To enable push updates, About push updates, Push updates and external dynamic IP addresses
Page 95 Page 97
Top Page Image Contents