禁用云通信
2025/11/13FortiGuard管理7.X.X大约 4 分钟
禁用云通信
FortiGate 设备会与多个云端服务进行通信,例如 FortiGuard 下载与查询服务、FortiCloud 及其他云相关服务,用于下载服务包、执行实时安全过滤、日志上报及同步任务。
在某些安全或隔离网络(Air-Gap)环境下,管理员可能希望完全关闭这类外部通信。
云通信统计信息
GUI 查看
进入“系统管理 → FortiGuard → FortiGuard 设置”查看云通信统计计数。
CLI 查看
FortiGate # diagnose sys service-communication
FortiCare:
The last 1 hour(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0
The last 24 hours(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
The last 7 days(in bytes): 0 0 0 0 0 0 0
FortiGuard Download:
The last 1 hour(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0
The last 24 hours(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
The last 7 days(in bytes): 0 0 0 0 0 0 0
FortiGuard Query:
The last 1 hour(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0
The last 24 hours(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
The last 7 days(in bytes): 0 0 0 0 0 0 0
FortiCloud Log:
The last 1 hour(in bytes): 35541766 1103963 0 0 0 0 0 0 0 0 0 0
The last 24 hours(in bytes): 36645729 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
The last 7 days(in bytes): 36645729 0 0 0 0 0 0
FortiSandbox Cloud:
The last 1 hour(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0
The last 24 hours(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
The last 7 days(in bytes): 0 0 0 0 0 0 0
FortiGuard.com:
The last 1 hour(in bytes): 4851531 101213748 0 0 0 0 0 0 0 0 0 0
The last 24 hours(in bytes): 106065279 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
The last 7 days(in bytes): 106065279 0 0 0 0 0 0
SDNS Service:
The last 1 hour(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0
The last 24 hours(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
The last 7 days(in bytes): 0 0 0 0 0 0 0
FortiToken Registration:
The last 1 hour(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0
The last 24 hours(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
The last 7 days(in bytes): 0 0 0 0 0 0 0
SMS Service:
The last 1 hour(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0
The last 24 hours(in bytes): 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
The last 7 days(in bytes): 0 0 0 0 0 0 0禁用云通信
执行以下 CLI 命令即可关闭所有云通信,当 cloud-communication 被禁用后,系统会自动关闭 forticldd 和 updated 守护进程,并同步禁用多项与云服务相关的功能。
提示
禁用云通信后,FortiGuard 实时威胁防护(例如 Web 过滤、反垃圾邮件、病毒库更新等)将不可用。
FortiAnalyzer、FortiCloud 日志上传及 NTP 同步也会被同时关闭。
此操作建议仅用于离线或高安全隔离环境。
:::
config system global
set cloud-communication disable
end自动修改项
执行以上 CLI 命令禁用云通信后,以下配置会被系统自动更改:
config system global
set fds-statistics disable
end
config system central-management
set type none
set include-default-servers disable
end
config system fortiguard
set antispam-force-off enable
set outbreak-prevention-force-off enable
set webfilter-force-off enable
end
config system email-server
set server ''
end
config system ntp
set ntpsync disable
end
config system autoupdate schedule
set status disable
end
config system autoupdate tunneling
set status disable
end
config log fortiguard setting
set status disable
end重新启用云通信
若需恢复云通信,请首先重新启用全局选项:
config system global set cloud-communication enable end根据需要逐项恢复相应功能。
重新启用 FortiCloud 自动登录:
config system fortiguard set auto-join-forticloud enable end重新启用邮件服务器:
config system email-server set server "fortinet-notifications.com" set port 465 set security smtps end重新启用 NTP 同步:
config system ntp set ntpsync enable end