在這情況下, Fortigate會無法連上Fortiguard server 來做 AV, IPS更新, 連帶 Web-filter & SPAM 也會有問題。
這時候, 我們就需要使用Client override來解決無法更新的問題
Fortigate #另外, 還要注意, DNS server 要指定客戶內部的DNS主機, 否則還是會有問題喔!!
Fortigate # config system autoupdate clientoverride
Fortigate (clientoverride) # set address 123.123.123.123 (客戶 Fortigate的真實IP)
Fortigate (clientoverride) # set status enable
Fortigate (clientoverride) # end
Fortigate #
Fortigate # config system fortiguard
Fortigate (fortiguard) # set port 8888 (可以不設)
Fortigate (fortiguard) # set client-override-status enable
Fortigate (fortiguard) # set client-override-ip 123.123.123.123 (客戶Fortigate的真實IP)
Fortigate (fortiguard) # set antispam-status enable
Fortigate (fortiguard) # set webfilter-status enable
Fortigate (fortiguard) # end
Fortigate #
最後, 這只是其中一種比較簡單的解法, 另外還有建vdom的方式, 但就麻煩多囉!
0 意見:
張貼留言