Created on 08-03-2015 01:24 PM Edited on 04-13-2022 11:08 AM By Anonymous
Description
Solution
Caveats.
- Do not assign a Provisioning Template to the managed FortiGate.
- Enable 'FortiGuard Security Updates' in the System Template (Provisioning Template) prior assigning it to FortiGate.
When this setting is disabled on the provisioning template the following configuration is pushed to the FortiGate:
# config system fortiguard
set antispam-force-off enable
set avquery-force-off enable
set webfilter-force-off enable
end
As a result, any traffic that requires a FDS query to FortiGuard in order to retrieve its category will be blocked.
# config system fortiguard
set webfilter-force-off disable <-----
set avquery-force-off disable
Verification.
# diagnose debug rating
Locale : english
Service : Web-filter
Status : Disable <-----
Service : Antispam
Status : Disable
Error.
# config system ntp
unset ntpsync
unset syncinterval
end
# config log fortianalyzer setting
unset status
unset server
unset enc-algorithm
unset upload-option
end
# config system dns
unset primary
unset secondary
end
# config system global
unset admintimeout
end
# config system fortiguard
set antispam-force-off enable
set avquery-force-off enable
set webfilter-force-off enable
end
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.