Fortinet 5.0 Patch 6 Accessing FortiGuard via a web proxy, How often does Fortinet provide FortiGuard updates for FortiWeb?

Fortinet 140 FortiWeb 5.0 Patch 6 Administration Guide

Accessing FortiGuard via a web proxy

Using the CLI, you can configure the FortiWeb appliance to connect through an explicit

(non-transparent) web proxy server to the FortiGuard Distribution Network (FDN) for signature

updates.

For example, you might enter the following commands:

config system autoupdate tunneling

set status enable

set address 192.168.1.10

set port 8080

set username FortiWeb

set password myPassword1

end

For details, see the FortiWeb CLI Reference.

The FortiWeb appliance connects to the proxy using the HTTP CONNECT method, as described

in RFC 2616.

How often does Fortinet provide FortiGuard updates for FortiWeb?

Security is only as good as your most recent update. Without up-to-date signatures and

blacklists, your network would be vulnerable to new attacks. However, if the updates were

released before adequate testing and not accurate, FortiWeb scans would result in false

positives or false negatives. For maximum benefit and minimum risk, updates must balance the

two needs: to be both accurate and current.

Fortinet releases FortiGuard updates according to the best frequency for each technology.

•Antivirus — Multiple times per day. Updates are fast to test and low risk, while viruses can

spread quickly and the newest ones are most common.

•IP reputation — Once per day (approximately). Some time is required to make certain of an

IP address’s reputation, but waiting too long would increase the probability of blacklisting

innocent DHCP/PPPoE clients that re-use an IP address previously leased by an attacker.

•Attack, data type, suspicious URL, and data leak signatures — Once every 1-2 weeks

(approximately). Signatures must be tuned to be flexible enough to match heuristic

permutations of attacks without triggering false positives in similar but innocent HTTP

requests/responses. Signatures must then be thoroughly tested to analyze any performance

impacts and mismatches that are an inherent risk in feature-complete regular expression

engines. Many exploits and data leaks also continue to be relevant 2 years or more, much

longer than most viruses. This increases the value and makes it worthwhile to optimize,

tuning each signature to be both flexible and high-performance.

•Geography-to-IP mappings — Once every month (approximately). These change rarely.

Additionally, FortiWeb cannot poll for these updates and automatically apply them. You must

manually upload the updates (see “Updating data analytics definitions” on page 598).