138
01-28011-0254-20051115
Fortinet Inc.
Update center
System Maintenance
Whenever the interface 2 IP address of the FortiGate unit changes, the FortiGate unit
sends a new SETUP message to notify the FDN of the address change. As long as
the FortiGate unit sends this SETUP message and the FDN receives it, the FDN can
maintain the most up-to-date interface 2 IP address for the FortiGate unit.
The FortiGate unit sends the SETUP message if you change the interface 2 IP
address manually or if you have set the interface 2 addressing mode to DHCP or
PPPoE and your DHCP or PPPoE server changes the IP address.
If you have redundant connections to the Internet, the FortiGate unit also sends the
SETUP message when one Internet connection goes down and the FortiGate unit
fails over to the other Internet connection.
In Transparent mode, if you change the management IP address, the FortiGate unit
also sends the SETUP message to notify the FDN of the address change.
Enabling push updates through a NAT device
If the FDN can connect to the FortiGate unit only through a NAT device, you must
configure port forwarding on the NAT device and add the port forwarding information
to the push update configuration. Using port forwarding, the FDN connects to the
FortiGate unit using either port 9443 or an override push port that you specify.
General procedure
Use the following steps to configure the FortiGate NAT device and the FortiGate unit
on the internal network so that the FortiGate unit on the internal network can receive
push updates:
1. Add a port forwarding virtual IP to the FortiGate NAT device.
2. Add a firewall policy to the FortiGate NAT device that includes the port forwarding
   virtual IP.
3. Configure the FortiGate unit on the internal network with an override push IP and port.
To add a port forwarding virtual IP to the FortiGate NAT device
Configure a FortiGate NAT device to use port forwarding to forward push update
connections from the FDN to a FortiGate unit on the internal network.
1. Go to Firewall > Virtual IP.
2. Select Create New.
3. Type a name for the virtual IP.
4. In the External Interface section, select the external interface that the FDN connects
   to.
5. In the Type section, select Port Forwarding.
Note: You cannot receive push updates through a NAT device if the external IP address of the
NAT device is dynamic (for example, set using PPPoE or DHCP).
Note: Before completing the following procedure, you should register the internal network
FortiGate unit so that it can receive push updates.
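The three-step general procedure and the two notes above, expressed as a pre-flight consistency check. This is an added example, not part of the Fortinet manual: the dictionary layout, field names and sample addresses are hypothetical (not FortiOS syntax), and it assumes the override push IP and port must match the external IP and port of the port forwarding virtual IP.

```python
DEFAULT_PUSH_PORT = 9443  # port the FDN uses unless an override push port is set

def check_push_update_path(nat, internal):
    """Return a list of problems; an empty list means the setup is consistent."""
    problems = []
    # Note on the page: a dynamic external address rules out push updates via NAT.
    if nat["external_addressing"] in ("dhcp", "pppoe"):
        problems.append("external IP of NAT device is dynamic")
    # Note on the page: register the internal unit before configuring.
    if not internal["registered"]:
        problems.append("internal unit is not registered")
    # Step 1: a port forwarding virtual IP must exist on the NAT device.
    vip = nat.get("virtual_ip")
    if vip is None:
        return problems + ["no virtual IP on NAT device"]
    if vip["type"] != "port-forwarding":
        problems.append("virtual IP is not of type port forwarding")
    if vip["mapped_ip"] != internal["ip"]:
        problems.append("virtual IP does not map to the internal unit")
    # Step 2: some firewall policy must include the virtual IP.
    if not any(p["destination"] == vip["name"] for p in nat["policies"]):
        problems.append("no firewall policy includes the virtual IP")
    # Step 3: the override push IP/port given to the internal unit should be
    # the address and port that the NAT device forwards (example assumption).
    push = internal["push_update"]
    port = push.get("override_port") or DEFAULT_PUSH_PORT
    if push.get("override_ip") != vip["external_ip"]:
        problems.append("override push IP differs from virtual IP external IP")
    if port != vip["external_port"]:
        problems.append("push port differs from virtual IP external port")
    return problems

# Constructed sample setup (documentation and private addresses, not from the page).
GOOD_NAT = {
    "external_addressing": "static",
    "virtual_ip": {"name": "fdn-push", "type": "port-forwarding",
                   "external_ip": "192.0.2.10", "external_port": 9443,
                   "mapped_ip": "10.0.0.5"},
    "policies": [{"destination": "fdn-push"}],
}
GOOD_INTERNAL = {"ip": "10.0.0.5", "registered": True,
                 "push_update": {"override_ip": "192.0.2.10",
                                 "override_port": None}}

if __name__ == "__main__":
    for line in check_push_update_path(GOOD_NAT, GOOD_INTERNAL) or ["consistent"]:
        print(line)
```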