FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rakanda
Staff
Staff
Article Id 193776
Purpose
This article describes how to over-ride FortiGate central-management setting to get updates from FortiManager.

Expectations, Requirements
FortiGate will receive updates from FortiManager other than FortiGuard servers.

Configuration
If FortiGate is setup to get updates from FortiGuard server, following is the configuration:
config system central-management
    set type fortimanager
    set fmg "x.x.x.x"
    set include-default-servers enable     <----- This setting will ensure FortiGate is getting update from FortiGuard default servers.
end
To over-ride, disable "include-default-servers" setting and configure "server-list" to specify FortiManager IP. This IP can be any of the FortiManager IP if it is in cluster.
# config system central-management
    set type fortimanager
    set fmg "x.x.x.x"
    set include-default-servers disable     <----- This setting will ensure FortiGate will not  getting update from FortiGuard default servers.
        config server-list
            edit 1
                set server-type update rating
                set server-address x.x.x.x
            next
        end
  end
To configure these settings from FortiManager:
In Device Manager, click on the FortiGate in question and go to System >> FortiGuard. 
The equivalent of "include-default-servers" is a checkbox item entitled: "Fall Back to Public FortiGuard Servers". 


Verification
In FortiManager, test the update request under:

FortiGuard -> Package Management -> Service Status, select 'FortiGate' and select 'Push All Pending'.

It takes a while before service status will show update status.


Contributors