Fortiguard Services
[singlepic id=1 w=320 h=240 float=]
Fortinet provides a world wide coverage of Fortiguard sevices through the Fortiguard Serice Points. The communication between your FortiGate appliance and the Fortiguard Service Points is possibled on port UDP 53 but it can also be changed to port 8888.
Since Fortigate firewalls are placed all over the world, the use DNS so you can get the closest one to you.
The updates issued by Fortiguard can only be received on port UDP 9443, so be carefull to not have this port closed.
Caching is available for the following UTM appliances: Web-Filter and AntiSpam. This option is strongly recommeded as it imporves performance by reducing Fortigate unit registration to the Fortiguard service. The space that cache uses is only a small percentage of the System memory that the firewall can have.
In the situation that the cache is full, the oldest cache is deleted.
You also have a TTL option that controls the number of seconds to store the IPs and URLs that the Fortiguard service provides before contacting it again.