How to turn off/block all system (fortiguard, webfilter, IPS, virus definition) updates?

Author
Sjaak
2016/03/24 23:57:02 (permalink) 5.2

Hello,

How can I turn off all fortiguard update services? We will be using a 60D in a very bandwidth constrained environment so everything not opened up by us (one website, two email ports) must be blocked.
 
I tried setting config system autoupdate schedule to disabled, but that still shows updates as enabled and makes no mention of the webfilter updates either.

Push update: disable
Scheduled update: disable
Virus definitions update: enable
IPS definitions update: enable
Push address override: disable
Web proxy tunneling: disable

I also tried blocking port 8888 (set fortiguard to use port 8888) but diagnose debug rating still shows the fortigate servers are reachable.
 
I have not been able to find any documentation on turning off updates either.
#1


    ede_pfau
    Re: How to turn off/block all system (fortiguard, webfilter, IPS, virus definiation) updat 2016/03/25 02:09:31 (permalink)
    I'd first check if updates are still coming in (which I doubt) before digging further. WF updates are kept up to date only if you enable WF and SF.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #2
    Sjaak
    Re: How to turn off/block all system (fortiguard, webfilter, IPS, virus definiation) updat 2016/03/27 17:39:55 (permalink)
    I'm sorry, what do you mean by SF?
     
    How can I force webfilter updates?
    #3
    ede_pfau
    Re: How to turn off/block all system (fortiguard, webfilter, IPS, virus definiation) updat 2016/03/28 11:43:47 (permalink)
    WF=web filter, SF=spam filter.
    Check settings in System > Config > Fortiguard.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #4
    Jeff_FTNT
    Re: How to turn off/block all system (fortiguard, webfilter, IPS, virus definiation) updat 2016/03/28 14:09:48 (permalink)
    You can try the setting below:
    config system central-management
        set mode normal
        set type none
        config server-list
            edit 1
                set server-type update rating
                set addr-type ipv4
                set server-address 123.1.1.1
            next
        end
        set include-default-servers disable
    end
     
    FGT will try to update AV/IPS/Webfilter/Spamfilter on override IP 123.1.1.1.
    With "set include-default-servers disable", FGT will not try to go to the public server if the override server fails. Thanks.
     
    #5
    Sjaak
    Re: How to turn off/block all system (fortiguard, webfilter, IPS, virus definiation) updat 2016/03/30 00:40:03 (permalink)
    Jeff_FTNT wrote:
    You can try the setting below:
    config system central-management
       set mode normal
       set type none
       config server-list
           edit 1
               set server-type update rating
               set addr-type ipv4
               set server-address 123.1.1.1
           next
       end
       set include-default-servers disable
    end
     
    FGT will try to update AV/IPS/Webfilter/Spamfilter on override IP 123.1.1.1.
    With "set include-default-servers disable", FGT will not try to go to the public server if the override server fails. Thanks.
     
    Thanks, looks like this is working. IPS and AV updates are reported unavailable with these settings compared to not licensed without those rules.
     
    However, even though the include default servers is set to disabled, when running diag debug rating it will still show all the servers with some packets going to them on an update check. Is this normal? The majority of packets are hitting 123.1.1.1 but for each update there are one or two packets being sent to every server on the list.
    #6
    Jeff_FTNT
    Re: How to turn off/block all system (fortiguard, webfilter, IPS, virus definiation) updat 2016/03/30 08:34:11 (permalink)
    This solution just prevents AV/IPS updates from being sent to a public IP (ISP). You may replace 123.1.1.1 with your local IP, like 192.168.1.100; AV/IPS update/rating will still work and check your local IP. Thanks
    #7
    Sjaak
    Re: How to turn off/block all system (fortiguard, webfilter, IPS, virus definiation) updat 2016/03/30 22:50:06 (permalink)
    We won't have any update files stored locally so I have it pointed to the 1.1.1.1 blackhole.
     
    So if I understand correctly, the above settings will have the Fortigate only look at 1.1.1.1 or whatever IP you set for updates while all other IPs are ignored, correct?
     
    That would be exactly what I need :)
    #8
    Sjaak
    Re: How to turn off/block all system (fortiguard, webfilter, IPS, virus definiation) updat 2016/04/07 18:41:13 (permalink)
    For anybody reading this in the future I've found a better solution.
     
    Create a dns-database entry for fortiguard.net and redirect it to 1.1.1.1. Now your device won't be able to contact any of the fortinet servers unlike with the earlier mentioned config which still sends some data.
     
    This stops most of the data but not all.
     
    Now unset the server under config system fortiguard.
     
    This should stop any traffic going to the fortinet servers.
    #9
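
An added example, not part of any post in this thread: post #6 asks whether packets still reach servers other than the override address, and one way to check is to capture on the WAN interface and tally outbound destinations against what was meant to be allowed. The script assumes lines laid out like `diagnose sniffer packet any none 4` output; the sample capture, the `wan1` name, the 192.0.2.x/198.51.100.x/203.0.113.x addresses and the allow-list are constructed for illustration, with only 123.1.1.1 and port 8888 taken from the thread.

```python
import re
from collections import Counter

# Constructed sample in the assumed sniffer layout:
# timestamp, interface, direction, src.port -> dst.port: summary
SAMPLE = """\
1.102334 wan1 out 192.0.2.10.1034 -> 123.1.1.1.8888: udp 64
1.102911 wan1 out 192.0.2.10.1034 -> 203.0.113.21.8888: udp 64
1.103402 wan1 out 192.0.2.10.1034 -> 203.0.113.22.8888: udp 64
2.450120 wan1 out 192.0.2.10.4410 -> 198.51.100.80.443: syn 3177924955
2.981777 wan1 out 192.0.2.10.4411 -> 198.51.100.25.25: syn 1854307757
3.000518 wan1 in 198.51.100.80.443 -> 192.0.2.10.4410: syn 99120 ack 3177924956
3.514009 wan1 out 192.0.2.10.1035 -> 123.1.1.1.8888: udp 64
"""

LINE = re.compile(
    r"^\S+\s+(?P<ifc>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<rest>.*)$"
)

# Assumed policy (constructed): one website, two mail ports, the override address.
ALLOWED = {
    ("198.51.100.80", 443),
    ("198.51.100.25", 25),
    ("198.51.100.25", 587),
    ("123.1.1.1", 8888),
}

def audit(capture, wan="wan1", allowed=ALLOWED):
    """Tally outbound packets on `wan` per (dst, port); return (allowed, unexpected)."""
    ok, unexpected = Counter(), Counter()
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m or m["ifc"] != wan or m["dir"] != "out":
            continue  # skip inbound packets, other interfaces, unparsable lines
        key = (m["dst"], int(m["dport"]))
        (ok if key in allowed else unexpected)[key] += 1
    return ok, unexpected

if __name__ == "__main__":
    ok, unexpected = audit(SAMPLE)
    for (dst, port), n in sorted(unexpected.items()):
        print(f"UNEXPECTED {dst}:{port} packets={n}")
    print(f"allowed: {sum(ok.values())} packets, unexpected: {sum(unexpected.values())}")
```

Re-running the tally after each configuration change shows whether the stray per-server packets have actually stopped, rather than relying on what the rating server list displays.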