0

I need to update a backend Fortinet FortiGate100E firewall, and the only machine in the network whose IP address is authorized for internet access (from the frontend firewall) is 10.1.2.3, running SquidProxy on CentOS Linux.

I followed Fortinet's technical note on how to set up the proxy by opening the CLI and issuing:

    config system autoupdate tunneling
        set address 10.1.2.3
        set port 3128
        set status enable
    end

Now part of the traffic flows through the proxy, but there are still connection attempts directly from the firewall to Fortinet servers on port 443. The updates are not working. I opened every port and protocol from the firewall interface to the SquidProxy machine, and through tcpdump on the proxy I can see data flowing back and forth like this:

Internet <---> SquidProxy <---> FortiGate 

but from the firewall GUI I can see that it's not communicating with the update servers. I haven't been able to redirect ALL traffic from the firewall through the proxy.

What other configurations am I missing?

1

1 Answer

5

The easiest solution is to download the current firmware from the support webpage (https://support.fortinet.com) and import it manually via the Admin Web GUI. That is possible under System->Firmware.

Please be aware of the upgrade path for FortiGates: https://docs.fortinet.com/upgrade-tool

That way you don't need any internet connection.
