kcheng
Staff & Editor
June 1, 2022

Technical Tip: FortiGate cannot update IPS and antivirus databases

Description

This article describes one possible scenario when FortiGate is not updating security databases, such as antivirus and Intrusion Prevention System (IPS) databases.

Scope

FortiGate.
Solution

In this scenario, the connection to FortiGuard is successful, and the debug output of the update daemon may not show any error.

To view the debug output while FortiGate is updating from FortiGuard, run the following commands:

 

diagnose debug app update -1

diagnose debug enable

fnsysctl killall updated

execute update-now

 

If the following entry is in the debug log, the update of the respective databases is disabled due to a setting in FortiGate:

 

__update_upd_comp_by_settings[473]-Disabling FLEN components.
__update_upd_comp_by_settings[477]-Disabling NIDSDB/ISDB/MUDB components.
__update_upd_comp_by_settings[481]-Disabling APPDB/IOTDB components.
__update_upd_comp_by_settings[485]-Disabling AVEN components.
__update_upd_comp_by_settings[489]-Disabling AVDB/FLDB/MMDB components.

 

  1. Cross-check the firewall policies and ensure that a security profile, such as antivirus and/or IPS, is configured on at least one firewall policy.
  2. Ensure that the policy configured with the security profile is not disabled.

 

FortiGate obtains updates of security databases from FortiGuard only if the respective feature is used. If no policy is configured with the respective security profile feature, FortiGate will not download the update as the components are not in use.

 

If the configured policy is disabled, FortiGate will not download the update to the respective database. After enabling antivirus and/or IPS in one of the policies, run the 'execute update-now' command again. If there are no changes in the definitions, contact Technical Support for assistance or consider updating definitions manually. Refer to:

Technical Tip: How to manually upgrade the IPS Engine
Technical Tip: How to manually update the Virus Definition database or AntiVirus Engine 


Scenario 1: Encountering the error message 'Failed to upgrade database' during the Antivirus database update.


 
FortiGate # diagnose debug disable
FortiGate # diagnose debug application update -1
FortiGate # diagnose debug enable

upd_manual_virdb[60]-Updating virus db
doInstallUpdatePackage[928]-Pkg has wrong firmware version-07006000 <------
upd_install_pkg_file[1275]-Installation of pkg /tmp/monitor_upload_gXEkA3 has failed
upd_manual_virdb[72]-Failed installing pkg file

 

This issue may be caused by updating with an antivirus database pkg file built for a different FortiOS version, resulting in a mismatch with the FortiOS version running on the FortiGate.

vsigupdate-OS7.60_7.049_GA_signed_ENG_ALL.pkg <---- This pkg file is valid for FortiOS v7.6.x.

vsigupdate-OS7.40_7.051_GA_signed_ENG_ALL.pkg <----- This pkg file is valid for FortiOS v7.4.x.
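
The following Python sketch is an added example, not Fortinet code: it scans a saved capture of the update debug output for the 'Disabling ... components' and 'wrong firmware version' lines shown above, and checks a pkg file name against the FortiOS version before a manual update. The function names are hypothetical, and the mapping of the file-name tag to a FortiOS branch (OS7.60 to v7.6.x) is an assumption inferred from the two file names listed above.

```python
import re

# Patterns copied from the debug lines quoted in this article.
DISABLED = re.compile(r"__update_upd_comp_by_settings\[\d+\]-Disabling (\S+) components\.")
WRONG_FW = re.compile(r"doInstallUpdatePackage\[\d+\]-Pkg has wrong firmware version-(\w+)")
PKG_FAIL = re.compile(r"upd_install_pkg_file\[\d+\]-Installation of pkg (\S+) has failed")
# Assumption: the OS tag in the file name encodes major.minor (OS7.60 -> v7.6.x).
PKG_NAME = re.compile(r"^vsigupdate-OS(\d+)\.(\d)\d_")

# Constructed sample: lines from both scenarios above merged into one capture.
SAMPLE = """\
__update_upd_comp_by_settings[473]-Disabling FLEN components.
__update_upd_comp_by_settings[477]-Disabling NIDSDB/ISDB/MUDB components.
__update_upd_comp_by_settings[489]-Disabling AVDB/FLDB/MMDB components.
upd_manual_virdb[60]-Updating virus db
doInstallUpdatePackage[928]-Pkg has wrong firmware version-07006000
upd_install_pkg_file[1275]-Installation of pkg /tmp/monitor_upload_gXEkA3 has failed
"""

def triage(debug_text):
    """Summarise a saved 'diagnose debug app update -1' capture."""
    result = {"disabled": [], "wrong_firmware": [], "failed_pkgs": []}
    for line in debug_text.splitlines():
        if m := DISABLED.search(line):
            # One log line can name several components separated by '/'.
            result["disabled"].extend(m.group(1).split("/"))
        elif m := WRONG_FW.search(line):
            result["wrong_firmware"].append(m.group(1))
        elif m := PKG_FAIL.search(line):
            result["failed_pkgs"].append(m.group(1))
    return result

def pkg_matches_fortios(pkg_name, fortios_version):
    """True if the pkg file name's OS tag matches the FortiOS major.minor."""
    m = PKG_NAME.match(pkg_name)
    if not m:
        raise ValueError(f"unrecognised pkg file name: {pkg_name}")
    major, minor = fortios_version.lstrip("v").split(".")[:2]
    return (m.group(1), m.group(2)) == (major, minor)

if __name__ == "__main__":
    print(triage(SAMPLE))
    # A v7.4.x package checked against a v7.6.x unit: prints False.
    print(pkg_matches_fortios("vsigupdate-OS7.40_7.051_GA_signed_ENG_ALL.pkg", "7.6.0"))
```

Any name reported under "disabled" points back to the policy checks in steps 1 and 2; a "wrong_firmware" entry points to the pkg file mismatch in Scenario 1.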

 

Related articles:

Technical Tip: Explanation to old update values in get system

Troubleshooting Tip: IPS definition showing version 0.0000 in FortiGuard