Enabling push updates through a NAT device – Fortinet 100A User Manual

Page 124

01-28007-0068-20041203

Fortinet Inc.

Enabling push updates

System maintenance

The FortiGate unit sends the SETUP message if you change the interface 2 IP
address manually or if you have set the interface 2 addressing mode to DHCP or
PPPoE and your DHCP or PPPoE server changes the IP address.

If you have redundant connections to the Internet, the FortiGate unit also sends the
SETUP message when one Internet connection goes down and the FortiGate unit
fails over to the other Internet connection.

In Transparent mode, if you change the management IP address, the FortiGate unit
also sends the SETUP message to notify the FDN of the address change.

Enabling push updates through a NAT device

If the FDN can connect to the FortiGate unit only through a NAT device, you must
configure port forwarding on the NAT device and add the port forwarding information
to the push update configuration. Using port forwarding, the FDN connects to the
FortiGate unit using either port 9443 or an override push port that you specify.

General procedure

Use the following steps to configure the FortiGate NAT device and the FortiGate unit
on the internal network so that the FortiGate unit on the internal network can receive
push updates:

1. Add a port forwarding virtual IP to the FortiGate NAT device.

2. Add a firewall policy to the FortiGate NAT device that includes the port forwarding
   virtual IP.

3. Configure the FortiGate unit on the internal network with an override push IP and port.

To add a port forwarding virtual IP to the FortiGate NAT device

Configure a FortiGate NAT device to use port forwarding to forward push update
connections from the FDN to a FortiGate unit on the internal network.

1. Go to Firewall > Virtual IP.

2. Select Create New.

3. Type a name for the virtual IP.

4. In the External Interface section, select the external interface that the FDN connects
   to.

5. In the Type section, select Port Forwarding.

6. In the External IP Address section, type the external IP address that the FDN
   connects to.

7. Type the External Service Port that the FDN connects to.

Note: You cannot receive push updates through a NAT device if the external IP address of the
NAT device is dynamic (for example, set using PPPoE or DHCP).

Note: Before completing the following procedure, you should register the internal network
FortiGate unit so that it can receive push updates.
