Fortinet 140 FortiWeb 5.0 Patch 6 Administration Guide
Accessing FortiGuard via a web proxy
Using the CLI, you can configure the FortiWeb appliance to connect through an explicit
(non-transparent) web proxy server to the FortiGuard Distribution Network (FDN) for signature
updates.
For example, you might enter the following commands:
config system autoupdate tunneling
  set status enable
  set address 192.168.1.10
  set port 8080
  set username FortiWeb
  set password myPassword1
end
For details, see the FortiWeb CLI Reference.
The FortiWeb appliance connects to the proxy using the HTTP CONNECT method, as described
in RFC 2616.
How often does Fortinet provide FortiGuard updates for FortiWeb?
Security is only as good as your most recent update. Without up-to-date signatures and
blacklists, your network would be vulnerable to new attacks. However, if updates were
released before adequate testing and were not accurate, FortiWeb scans would result in false
positives or false negatives. For maximum benefit and minimum risk, updates must balance the
two needs: to be both accurate and current.
Fortinet releases FortiGuard updates according to the best frequency for each technology.
• Antivirus — Multiple times per day. Updates are fast to test and low risk, while viruses can
spread quickly and the newest ones are most common.
• IP reputation — Once per day (approximately). Some time is required to make certain of an
IP address’s reputation, but waiting too long would increase the probability of blacklisting
innocent DHCP/PPPoE clients that re-use an IP address previously leased by an attacker.
• Attack, data type, suspicious URL, and data leak signatures — Once every 1-2 weeks
(approximately). Signatures must be tuned to be flexible enough to match heuristic
permutations of attacks without triggering false positives in similar but innocent HTTP
requests/responses. Signatures must then be thoroughly tested to analyze any performance
impacts and mismatches that are an inherent risk in feature-complete regular expression
engines. Many exploits and data leaks also continue to be relevant for 2 years or more, much
longer than most viruses. This increases the value and makes it worthwhile to optimize,
tuning each signature to be both flexible and high-performance.
• Geography-to-IP mappings — Once every month (approximately). These change rarely.
Additionally, FortiWeb cannot poll for these updates and automatically apply them. You must
manually upload the updates (see “Updating data analytics definitions” on page 598).