Description
This article provides tips if updates are not occurring on the FortiGate.
Solution
Verify that FortiGuard is enabled and available.
- In FortiOS 2.8, go to WebFilter -> Category Block.
- In FortiOS 3.0, go to System -> Maintenance -> Fortiguard Center.
The service should be enabled.
The status can be either Unknown or Available. If it is Unknown, select Check status. It should then become Available.
Verify that there is no upstream firewall blocking the traffic, or DNS caching.
UDP port 53 or 8888 must be allowed.
This is a common problem when the FortiGate is running in Transparent mode.
For a complete list of ports that FDN uses, see the related article 'Traffic Types and TCP/UDP Ports used by Fortinet Products'.
Verify that it is possible to ping guard.fortinet.net from the CLI.
If it is not possible, then verify that the DNS entries in the FortiGate are correct.
If DNS resolution is not working, use the IP address instead of the FQDN.
Change the settings using the CLI:
config webfilter catblock
set status enable
set ftgd_hostname x.x.x.x
end
In FortiOS 3.0 MR6 and MR7:
config system fortiguard
set srv-ovrd enable
config srv-ovrd-list
edit 1
set ip x.x.x.x
end
end
To find out which servers are actually being used, use the following diagnose commands:
diagnose debug rating
diagnose spamfilter fortishield servers
Use the IP address of the FortiGuard server to connect it in the ftgd_hostname field.
