Fortinet 400 120 , To enable push updates, About push updates, Push updates through a NAT device, Example: push updates through a NAT device

120 Fortinet Inc.

Updating antivirus and attack definitions Virus and attack definitions updates and registration

To enable push updates

1Go to System > Update.

2Select Allow Push Update.

3Select Apply.

About push updates

When you configure a FortiGate unit to allow push updates, the FortiGate unit sends a

SETUP message to the FDN. The next time a new antivirus engine, new antivirus

definitions, or new attack definitions are released, the FDN notifies all FortiGate units

configured for push updates that a new update is available. Within 60 seconds of

receiving a push notification, the FortiGate unit attempts to request an update from the

FDN.

If available for your network configuration, configuring push updates is recommended

in addition to configuring scheduled updates. Push updates mean that on average the

FortiGate unit receives new updates sooner than if the FortiGate just receives

scheduled updates. However, scheduled updates make sure that the FortiGate unit

does eventually receives the latest updates.

Enabling push updates is not recommended as the only method for obtaining updates.

The push notification may not be received by the FortiGate unit. Also, when the

FortiGate unit receives a push notification it will only make one attempt to connect to

the FDN and download updates.

Push updates through a NAT device

If the FDN can only connect to the FortiGate unit through a NAT device, you must

configure port forwarding on the NAT device and add the port forwarding information

to the push update configuration. Using port forwarding, the FDN connects to the

FortiGate unit using either port 9443 or an override push port that you assign.

Example: push updates through a NAT device

This example describes how to configure a FortiGate NAT device to forward push

updates to a FortiGate unit installed on its internal network. For the FortiGate unit on

the internal network to receive push updates, the FortiGate NAT device must be

configured with a port forwarding virtual IP. This virtual IP maps the IP address of the

external interface of the FortiGate NAT device and a custom port to the IP address of

the FortiGate unit on the internal network. This IP address can either be the external

IP address of the FortiGate unit if it is operating in NAT/Route mode or the

Management IP address of the FortiGate unit if it is operating in Transparent mode.

Note: You cannot receive push updates through a NAT device if the external IP address of the

NAT device is dynamic (for example, set using PPPoE or DHCP).

Note: This example describes the configuration for a FortiGate NAT device. However, any NAT

device with a static external IP address that can be configured for port forwarding can be used.