New Member

Question

Virus definitions not updating

Forum|Forum|12 years ago
July 4, 2013
8 replies
20358 views

Hi, On my fortigate 80c with firmware version 4.0 MR2 and a valid license the virus definition are not updating any more. On the dashboard it shows: AV Definitions 18.00509 (Updated 2013-04-23). I also tried these commands from the knowledgebase with no success: # exe ping update.fortiguard.net # diag test update info # dia deb en # dia deb app update 255 # exec update-now (Wait two minutes while the update completes before continuing) # dia deb reset # dia deb disable Help would be appreciated. Thanks!

rwpatterson

New Member

With the first command, did you get a valid response to the PING query?

forti_fanAuthor

New Member

Yes the service pingable:

  FGT80C3910603404 # exe ping update.fortiguard.net  PING fds1.fortinet.com (209.66.81.150): 56 data bytes  64 bytes from 209.66.81.150: icmp_seq=0 ttl=52 time=194.8 ms

rwpatterson

New Member

Are the indicators on the dashboard green?

forti_fanAuthor

New Member

Yes, the indicators are green (service is reachable).

Dave_Hall

New Member

Under Config/FortiGuard options: Under " AntiVirus and IPS Options" If Override server address is checked make sure the server at that address is still operating -- otherwise clear that check box. Click the " Update Now" button. Under " Web Filtering and Email Filtering Options" enable both cache boxes. Click the " Test Availability" button. If the above does not update the virus definitions then try changing the port (default is 53) to 8888. The attached pic is from my little 40C running 4.0 MR3 but should still apply to 4.0 MR2.

Ay74648.gif

forti_fanAuthor

New Member

I have tried that but it changes nothing. Somewhere on the support site there was a link to the definition download. But i cannot find the download site any more.

ede_pfau

SuperUser

On http://support.fortinet.com, log in to your user account. On that page, go to " Downloads" (left column, 3rd entry, red font), then " FortiGuard Service Updates" . You can only download AV and IPS signature files for the registered unit(s).

forti_fanAuthor

New Member

Thanks! I must be blind. I have downloaded the virus definitions for the fortigate 80c and OS Version v4.00_MR2_P3 and tried to manually install the package. But is says: ERROR Firewall has all the updates found in the given file.

rwpatterson

New Member

Perhaps this is a browser cache issue? Have you tried another browser? Have you tried hard refreshing the page? (hold down the >SHIFT< key while clicking refresh will force the entire page to be read again)

Dave_Hall

New Member

The License Information lists " extend set" in use. Perhaps try switching back to the " normal" set.

rwpatterson

New Member

The ' normal' set is the first line. The dates are usually the same.

ede_pfau

SuperUser

Your AV signature comes from the future. Current is 17.00864, that' s what you could download. As long as the installed DB has a higher version no. there won' t be any updates. Dunno how that happened to you. You can get rid of that DB by reloading the firmware. Signatures included in firmware loads usually are pretty old. You should be able to update then after kicking off the update process.

forti_fanAuthor

New Member

If the definitions are from the future i dont have to worry about future viruses :). I will try to reinstall the firmware and restart the update process. Thanks!

rwpatterson

New Member

There was a command available to allow downgrading AV defs. I cannot locate it.

harald21

New Member

Hello, Fortinet started in march rolling out AV signature v18.xyz for certain devices. Back in april we had the same problem - a faulty signature v18.xyz which prefented further updates and no possibility to manually download a valid signature package from the download page (there are only signatures v17.xyz). We contacted tech support, they supplied us a valid v18 signature and the problem was solved. Sincerely harald

Dave_Hall

New Member

Discovered this KB (last updated 05-22-2013)... Technical Tip: How to downgrade / rollback the AV definitions, IPS definitions or IPS engine on a FortiGate unit