Troubleshooting Tip: AV definitions shows version 1.0000

jstan · ‎04-12-2019

Description

This article describes the reason why AV definitions shows version 1.000 when all other definitions can be updated.

Scope

FortiGate.

Solution

By default, if AV profile is not enabled on firewall policy, FortiGate will only perform update on standard AV definitions and not the extended AV definitions.

show full antivirus setting | grep default-db

set default-db extended

If the extended AV definitions is not updated before, it will always display version 1.0000 as follows:

To update the extended AV definition, apply an AV profile to any firewall policy:

In the CLI, run the following commands to update the definitions:

diag debug app update -1
diag debug en
exec update-now

To stop debugging:

diagnose de disable

diagnose de reset

After a few minutes, verify whether the extended set was updated:

Verification can also be performed in the CLI by entering the following command:

diag autoupdate ver | grep -A 6 Extended
Extended set
---------
Version: 67.00562
Contract Expiry Date: Thu Dec 26 2019
Last Updated using manual update on Thu Apr 4 19:44:01 2019
Last Update Attempt: Thu Apr 4 19:44:15 2019
Result: Updates Installed

Troubleshooting Tip: AV definitions shows version 1.0000

You are leaving our website