Skip to main content
AlexFerenX
AlexFerenX
New Member
April 15, 2024
Question

What's "FDNI"?

  • April 15, 2024
  • 5 replies
  • 6382 views

There a multiple references to "FDNI" acronym (seemingly, referring to FortiGuard Distribution Network servers), but I cannot find exact expansion. Once and for all, what's "FDNI"?

5 replies

xshkurti
Staff
xshkurti
Staff
April 15, 2024

@AlexFerenX 
In FortiManager Certification Study Guide NSE5 FMG you will find the information about this acronym.

When you want to try and get list of servers that FortiManager is taking updates:

# diagnose fmupdate view-servrelist fds
you will see the last line column named as "source" and it shows the source of the update.

There are a couple of options, including CLI, Default and FDNI 
Basically, FDNI refers to public FDS (FortiGuard Distribution Network through Internet).

 

More info: Configure FortiManager as a local FDN ser... - Fortinet Community

Hope this clarifies it.

AlexFerenX
AlexFerenXAuthor
New Member
April 15, 2024
FDNI refers to public FDS (FortiGuard Distribution Network through Internet).

How is this related to FDNI object, eg. "00000000FDNI00000-00000.00000-0000000000" as observed using "diagnose test update info"?

xshkurti
Staff
xshkurti
Staff
April 16, 2024

@AlexFerenX 
I am sending some example below:

############################################
# This part is fortigate trying to figure out what database version it has internally, and then compose request string to fortiguard
# For instance.
# 04000000AVDB00203 <-- this is for Active AV database. (Most common)
# 04000000AVDB00322 <-- this is for the ETDB High (In this particular model)
# 04000000AVDB00417 <-- this is for Extremd database (Available for this model 1000C)
upd_cfg_api.c[319] upd_cfg_extract_av_db_version-version=04000000AVDB00203-00001.00234-1308131219 upd_cfg_api.c[319] upd_cfg_extract_av_db_version-version=04000000AVDB00322-00001.00234-1308131214 upd_cfg_api.c[319] upd_cfg_extract_av_db_version-version=04000000AVDB00417-00001.00234-1308131213 upd_cfg_api.c[368] upd_cfg_extract_ids_db_version-version=04000000NIDS01001-00003.00295-1301301923 upd_cfg_api.c[368] upd_cfg_extract_ids_db_version-version=04000000FLDB00100-00021.00580-1402060813 upd_cfg_api.c[479] upd_cfg_extract_netscan_db_version-version=04000000VCME00300-00001.00204- 1403251915
upd_pkg.c[622] upd_pkg_create_update_req-Exclude object version 2
upd_pkg.c[159] pack_obj-Packing obj=Protocol=3.0|Command=Update|Firmware=FGT1KC-FW-4.00- 672|SerialNumber=FGT1KC3911800485|UpdateMethod=0|AcceptDelta=1|DataItem=04000000AVDB00203- 00001.00234-1308131219*04000000AVDB00322-00001.00234-1308131214*04000000FLDB00100-00021.00580- 1402060813*04000000NIDS01001-00003.00295-1301301923*00000000FCNI00000-00000.00000- 0000000000*04000000ASEN00400-00001.00001-0903172330*00000000FDNI00000-00000.00000- 0000000000*01000000FSCI00100-00000.00000-0000000000*04000000AVEN02000-00005.00147- 1306141507*04000000FLEN00800-00002.00166-1308231621*04000000ASEN00700-00001.00001- 0903172330*04000000VCME00300-00001.00204-1403251915

 

If you see "00000000FDNI00000-00000.00000-0000000000" that means that fortigate/fortimanager has still no FDNI objects installed into its database (no known FDNI servers)

############################################
# This part is the response from fortiguard.
# Usually, we only care about 200 and 204. 200 means there is update. 204 means there is none.
upd_pkg.c[262] get_fcpr_rsp_code-Unpacked obj: Protocol=3.0|Response=300|Firmware=FPT033-FW-5.3- 0053|SerialNumber=FDS-VM- INTERNAL01|Server=FDSG|Persistent=false|ResponseItem=04000000AVDB00203:200*04000000AVDB00322:200 *04000000FLDB00100:200*04000000NIDS01001:200*00000000FCNI00000:200*04000000ASEN00400:204*00000 000FDNI00000:200*04000000AVEN02000:204*04000000FLEN00800:200*04000000ASEN00700:204*04000000VC ME00300:200*01000000FSCI00100:200
2
Here FDNI has taken value 200 meaning that it has an update:
00000 000FDNI00000:200
So Not all numbers necessary need to have some human translation, but the most important part is described above.

Hope this clarifies your query.
    AlexFerenX
    AlexFerenXAuthor
    New Member
    April 17, 2024

    Please clarify - what's the content of "00000000FDNI00000" package? Are you implying that list of FDS servers, for example, listed under "Server List" using "get webfilter status" are populated from this package?

    xshkurti
    Staff
    xshkurti
    Staff
    April 17, 2024

    It is a connection indicator showing all FortiGuard servers and their connection status

      AlexFerenX
      AlexFerenXAuthor
      New Member
      April 19, 2024

      So, this "package" has no content - it's only significance is ":200" and ":204" appended to its name?

      If so, where/how does the Fortigate obtain the complete list of Internet FDS servers, for example, listed under "Server List" using "get webfilter status"?

      xshkurti
      Staff
      xshkurti
      Staff
      April 23, 2024

      Hi Alex,

      .200 and .204 are indicators of the connection status to FortiGuard servers around the world. 
      Fortigate connects to FortiGuard servers that are configured under config system fortiguard, and from there it gets a list of nearest servers and establishes a tcp connection with them. Of course, Fortiguard servers will push some data, including a list of internet servers. Server IP list should be included in that package.

      Hope this answers your question.

       

      Terms & ConditionsAccessibility statement