grantjonas22
New Member
January 15, 2018
Question

Issue with AV Definitions Auto-Update

  • January 15, 2018
  • 1 reply
  • 5309 views

Hi all, 

 

I am managing a FG 300D cluster for a client, and they're reporting that AV auto-updates are not kicking off every day at 1 AM.

 

This client has sort of a rigged UTM license situation going on; he only pays for a UTM license on the master unit of this cluster. Because of this, his IPS and AV licenses read as 'expired'. My first thought was that this would absolutely cause an issue with AV, but he assures me that there was no auto-update issue until they upgraded from 5.2.6 to 5.4.4.

 

I have the following questions:

 

-Do both cluster members need a UTM license in order to actually use things like AV and IPS?

-Is there a way that I can verify auto-updates are, or are not, kicking off every day at 1AM?

-What is the best way to test/troubleshoot an AV Auto-Update?

 

I have browsed numerous KB articles, and am already familiar with commands like diag autoupdate version/status, but these don't seem to be providing me with conclusive evidence that auto-updates are functioning, or not.

 

Here is a screencap showing config pertaining to AV, and auto-updates:

 

FGT3HD3914802363 # conf antivirus settings
 
FGT3HD3914802363 (settings) # show full
config antivirus settings
    set default-db extended
    set grayware enable
end

 

FGT3HD3914802363 (schedule) # show full
config system autoupdate schedule
    set status enable
    set frequency daily
    set time 01:60
end
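
For reading the schedule block quoted in the post above, here is an added example (not part of the original thread and not Fortinet code) that parses flat `config` / `set` / `end` output and summarizes the autoupdate schedule. The function names are hypothetical; the handling of minute 60 relies on the FortiOS CLI reference, which documents that value as a randomly selected minute within the hour, so an update configured as 01:60 should not be expected at exactly 01:00.

```python
import re

# Constructed sample: the two "show full" blocks quoted in the post above.
SAMPLE = """\
config antivirus settings
    set default-db extended
    set grayware enable
end
config system autoupdate schedule
    set status enable
    set frequency daily
    set time 01:60
end
"""

def parse_config(text):
    """Parse flat 'config <path> / set <key> <value> / end' blocks into a dict."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # CLI prompt lines match nothing below and are skipped
        if line.startswith("config "):
            current = blocks.setdefault(line[len("config "):], {})
        elif line == "end":
            current = None
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)
            current[parts[1]] = parts[2].strip('"') if len(parts) > 2 else ""
    return blocks

def describe_schedule(blocks):
    """Summarize the autoupdate schedule; raise ValueError on a malformed time."""
    sched = blocks.get("system autoupdate schedule")
    if sched is None:
        return "no autoupdate schedule block found"
    if sched.get("status") != "enable":
        return "scheduled updates disabled"
    m = re.fullmatch(r"(\d{1,2}):(\d{2})", sched.get("time", ""))
    if not m:
        raise ValueError("unparseable time: %r" % sched.get("time"))
    hour, minute = int(m.group(1)), int(m.group(2))
    if hour > 23 or minute > 60:
        raise ValueError("time out of range")
    # Assumption from the FortiOS CLI reference: minute 60 means "random minute".
    when = ("a random minute in hour %02d" % hour if minute == 60
            else "%02d:%02d" % (hour, minute))
    return "%s at %s" % (sched.get("frequency", "unknown"), when)

if __name__ == "__main__":
    print(describe_schedule(parse_config(SAMPLE)))
```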

 

    1 reply

    RobertReynolds
    New Member
    January 16, 2018

    In an HA cluster, whether A-A or A-P, both FortiGates need to have the same level of security subscriptions. This is because if one fails and the other has to then take over, it needs to have the same subscriptions to be able to continue inspecting the traffic.

     

    If they have different levels of support, the cluster will take the lowest common denominator.

    neonbit
    New Member
    January 16, 2018

    I'd recommend running an update debug and initiating the update manually to see if there are any errors.

     

    diag debug application update -1

    diag debug enable

    execute update-now

     

    The output will be long, so it's best to save it to a log file in PuTTY. When finished, execute the following to disable it:

     

    diag debug application update 0

    diag debug disable