gakshay
Staff
Article Id 189845
Description
This article describes how to enable anycast in the FortiGuard settings.

Solution
Anycast can be enabled to optimize routing performance to FortiGuard servers.
Relying on Fortinet DNS servers, the FortiGate will get a single IP address for the domain name of each FortiGuard service.
BGP routing optimization is transparent to the FortiGate.
The domain name of each FortiGuard service is the common name in that service's certificate.
The certificate is signed by a third-party intermediate CA.
The FortiGuard server uses the Online Certificate Status Protocol (OCSP) stapling technique, so that the FortiGate can always validate the FortiGuard server certificate efficiently.

To enable anycast in the FortiGuard settings:

# config system fortiguard
    set protocol https
    set port 443
    set fortiguard-anycast enable
    set fortiguard-anycast-source fortinet
end

After anycast is enabled, the FortiGuard settings will enforce a connection using HTTPS and port 443.
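
One way to check a saved configuration against the settings above, added here as an example and not Fortinet's own tooling: the Python script below parses a configuration backup and reports where the `config system fortiguard` block differs. The function names and the sample configuration are constructed, and it assumes the backup lists values explicitly (for example, `show full-configuration` output).

```python
import re

# Constructed sample: excerpt of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = """\
config system global
    set hostname "lab-fw"
end
config system fortiguard
    set protocol https
    set port 443
    set fortiguard-anycast enable
    set fortiguard-anycast-source fortinet
end
"""
# Values the article sets or states are enforced once anycast is enabled.
EXPECTED = {"fortiguard-anycast": "enable", "protocol": "https", "port": "443"}

def parse_block(config_text, block_name):
    """Return the 'set' key/value pairs of one top-level config block, or None if absent."""
    settings, depth, inside = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate a leading CLI prompt '#'
        if line.startswith("config "):
            depth += 1
            if depth == 1 and line[len("config "):].strip() == block_name:
                inside = True
        elif line == "end":
            if inside and depth == 1:
                return settings
            depth = max(depth - 1, 0)
        elif inside and depth == 1:  # skip 'set' lines of nested config blocks
            m = re.match(r"set\s+(\S+)\s+(.*)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings if inside else None

def audit_fortiguard(config_text):
    """List deviations from the anycast settings shown in the article."""
    fg = parse_block(config_text, "system fortiguard")
    if fg is None:
        return ["no 'config system fortiguard' block found"]
    findings = ["%s is %r, expected %s" % (k, fg.get(k), v)
                for k, v in EXPECTED.items() if fg.get(k) != v]
    if "fortiguard-anycast-source" not in fg:
        findings.append("fortiguard-anycast-source is not set explicitly")
    return findings

if __name__ == "__main__":
    print(audit_fortiguard(SAMPLE_CONFIG) or "matches the article's anycast settings")
```

An empty findings list means the block matches the article's settings; each finding names the key and the value found.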
