Er (see – Fortinet 100A User Manual

122

01-28007-0068-20041203

Fortinet Inc.

Updating antivirus and attack definitions

System maintenance

4

Select Apply.
The FortiGate unit tests the connection to the override server.
If the FortiProtect Distribution Network setting changes to available, the FortiGate unit
has successfully connected to the override server.
If the FortiProtect Distribution Network stays set to not available, the FortiGate unit
cannot connect to the override server. Check the FortiGate configuration and network
configuration for settings that would prevent the FortiGate unit from connecting to the
override FortiProtect server.

To enable scheduled updates through a proxy server

If your FortiGate unit must connect to the Internet through a proxy server, you can use
the config system autoupdate tunneling command to allow the FortiGate

unit to connect (or tunnel) to the FDN using the proxy server. Using this command you
can specify the IP address and port of the proxy server. As well, if the proxy server
requires authentication, you can add the user name and password required for the
proxy server to the autoupdate configuration. The full syntax for enabling updates
through a proxy server is:

config system autoupdate tunneling

set address <proxy-address_ip>
set port <proxy-port>
set username <username_str>
set password <password_str>
set status enable

end

For example, if the IP address of the proxy server is 67.35.50.34, its port is 8080, the
user name is proxy_user and the password is proxy_pwd, enter the following
command:

config system autoupdate tunneling

set address 67.35.50.34
set port 8080
set username proxy_user
set password proxy_pwd
set status enable

end

For more information about the config system autoupdate tunneling

command, see the FortiGate CLI Reference Guide.

The FortiGate unit connects to the proxy server using the HTTP CONNECT method,
as described in RFC 2616. The FortiGate unit sends an HTTP CONNECT request to
the proxy server (optionally with authentication information) specifying the IP address
and port required to connect to the FDN. The proxy server establishes the connection
to the FDN and passes information between the FortiGate unit and the FDN.

The CONNECT method is used mostly for tunneling SSL traffic. Some proxy servers
do not allow the CONNECT to connect to any port; they restrict the allowed ports to
the well known ports for HTTPS and perhaps some other similar services. Because
FortiGate autoupdates use HTTPS on port 8890 to connect to the FDN, your proxy
server might have to be configured to allow connections on this port.