Enabling push updates, Push updates when fortigate ip addresses change, Enabling push updates through a nat device – Fortinet FortiGate 4000 User Manual
Page 129: Enabling push updates through a nat, Or i
Virus and attack definitions updates and registration
Enabling push updates
FortiGate-4000 Installation and Configuration Guide
129
When the network configuration permits, configuring push updates is recommended in
addition to configuring scheduled updates. On average the FortiGate unit receives
new updates sooner through push updates than if the FortiGate unit receives only
scheduled updates. However, scheduled updates make sure that the FortiGate unit
receives the latest updates.
Enabling push updates is not recommended as the only method for obtaining updates.
The FortiGate unit might not receive the push notification. Also, when the FortiGate
unit receives a push notification it makes only one attempt to connect to the FDN and
download updates.
This section describes:
•
•
Push updates when FortiGate IP addresses change
•
Enabling push updates through a NAT device
Enabling push updates
To enable push updates
1
Go to System > Update.
2
Select Allow Push Update.
3
Select Apply.
Push updates when FortiGate IP addresses change
The SETUP message that the FortiGate unit sends when you enable push updates
includes the IP address of the FortiGate interface that the FDN connects to. If your
FortiGate unit is running in NAT/Route mode, the SETUP message includes the
FortiGate external IP address. If your FortiGate unit is running in Transparent mode,
the SETUP message includes the FortiGate management IP address. The FDN must
be able to connect to this IP address for your FortiGate unit to be able to receive push
update messages. If your FortiGate unit is behind a NAT device, see
updates through a NAT device” on page 129
Whenever the external IP address of the FortiGate unit changes, the FortiGate unit
sends a new SETUP message to notify the FDN of the address change. As long as
the FortiGate unit sends this SETUP message and the FDN receives it, the FDN can
maintain the most up-to-date external IP address for the FortiGate unit.
The FortiGate unit sends the SETUP message if you change the external IP address
manually or if you have set the external interface addressing mode to DHCP or
PPPoE and your DHCP or PPPoE server changes the IP address.
In Transparent mode if you change the management IP address, the FortiGate unit
also sends the SETUP message to notify the FDN of the address change.
Enabling push updates through a NAT device
If the FDN can connect to the FortiGate unit only through a NAT device, you must
configure port forwarding on the NAT device and add the port forwarding information
to the push update configuration. Using port forwarding, the FDN connects to the
FortiGate unit using either port 9443 or an override push port that you specify.