Updating antivirus and attack definitions

Virus and attack definitions updates and registration

 

 

To enable push updates

1Go to System > Update.

2Select Allow Push Update.

3Select Apply.

About push updates

When you configure a FortiGate unit to allow push updates, the FortiGate unit sends a SETUP message to the FDN. The next time a new antivirus engine, new antivirus definitions, or new attack definitions are released, the FDN notifies all FortiGate units configured for push updates that a new update is available. Within 60 seconds of receiving a push notification, the FortiGate unit attempts to request an update from the FDN.

If available for your network configuration, configuring push updates is recommended in addition to configuring scheduled updates. Push updates mean that on average the FortiGate unit receives new updates sooner than if the FortiGate just receives scheduled updates. However, scheduled updates make sure that the FortiGate unit does eventually receives the latest updates.

Enabling push updates is not recommended as the only method for obtaining updates. The push notification may not be received by the FortiGate unit. Also, when the FortiGate unit receives a push notification it will only make one attempt to connect to the FDN and download updates.

Push updates through a NAT device

If the FDN can only connect to the FortiGate unit through a NAT device, you must configure port forwarding on the NAT device and add the port forwarding information to the push update configuration. Using port forwarding, the FDN connects to the FortiGate unit using either port 9443 or an override push port that you assign.

Note: You cannot receive push updates through a NAT device if the external IP address of the

NAT device is dynamic (for example, set using PPPoE or DHCP).

Example: push updates through a NAT device

This example describes how to configure a FortiGate NAT device to forward push updates to a FortiGate unit installed on its internal network. For the FortiGate unit on the internal network to receive push updates, the FortiGate NAT device must be configured with a port forwarding virtual IP. This virtual IP maps the IP address of the external interface of the FortiGate NAT device and a custom port to the IP address of the FortiGate unit on the internal network. This IP address can either be the external IP address of the FortiGate unit if it is operating in NAT/Route mode or the Management IP address of the FortiGate unit if it is operating in Transparent mode.

Note: This example describes the configuration for a FortiGate NAT device. However, any NAT device with a static external IP address that can be configured for port forwarding can be used.

120

Fortinet Inc.

Page 120
Image 120
Fortinet 400 manual To enable push updates, About push updates, Push updates through a NAT device, 120