How to block all the connections from the FortiGate to FortiGuard servers and FDN

I have purchased a new FortiGate 101E and it uses FortiOS 6.0.6, and before I connect it to the internet I want to disable all connections to FortiGuard servers and the Forti Distribution Network (FDN). Our environment will use manual updates for it and its services, so I have:

  1. Changed the DNS and the NTP (because they contain IPs which are in Fortinet)
  2. In FortiGuard we disabled push update and scheduled updates, improve IPS quality, override FortiGuard server.
  3. Disabled sending malware statistics to FortiGuard
  4. Disabled the submission of security rating results to FortiGuard by: set security-rating-result-submission disable
  5. Changed the DNS record for update.fortiguard.net to resolve to a local IP in the DNS server.
  6. Disabled the FortiGuard anycast.

And in the web filter and DNS I will not use the FortiGuard category-based filter; I will use a static URL filter.

I just want to make sure none of my traffic reaches FortiGuard or FDN or any of their servers before I connect it to the internet.

Appreciate your help. Thanks.

There are 1 best solutions below

Everything you've done so far appears to be solid. You could also block UDP/8888 and HTTPS/8888. I like your approach for update.fortiguard.net. You could also include "service, securewf, usservice, ussecurewf".fortiguard.net the same way.
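
One way to confirm the DNS overrides discussed above before the unit goes online, as an added example that is not part of the original question or answer: the script resolves the five fortiguard.net names mentioned on this page and reports any that still return a non-local address. The function names, status labels and the list of "local" ranges are assumptions of this example; run it from a host that uses the same internal DNS server as the FortiGate.

```python
import ipaddress
import socket

# Hostnames named on this page (question item 5 and the answer).
FORTIGUARD_HOSTS = [
    "update.fortiguard.net",
    "service.fortiguard.net",
    "securewf.fortiguard.net",
    "usservice.fortiguard.net",
    "ussecurewf.fortiguard.net",
]

# Assumption: "local" means RFC 1918, loopback or IPv6 unique-local space.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7")]

def system_resolver(name):
    """Resolve via the OS resolver; returns [] on NXDOMAIN or failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def is_local(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    return any(ip in net for net in LOCAL_NETS)

def audit_overrides(hosts=FORTIGUARD_HOSTS, resolver=system_resolver):
    """Return {host: (status, addresses)} where status is
    'sinkholed' (every answer is local), 'leaks' (at least one
    non-local answer) or 'no-answer' (nothing resolved)."""
    report = {}
    for host in hosts:
        addrs = resolver(host)
        if not addrs:
            status = "no-answer"
        elif all(is_local(a) for a in addrs):
            status = "sinkholed"
        else:
            status = "leaks"
        report[host] = (status, addrs)
    return report

if __name__ == "__main__":
    for host, (status, addrs) in audit_overrides().items():
        print(f"{status:10} {host} {', '.join(addrs) or '-'}")
```

This checks name resolution only; it says nothing about traffic the device might send to addresses it does not look up through this DNS server.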