FortiGate
skaneria
Staff
Article Id 198753

Description

 

This article describes how and why FortiGate uses the Extended DB as its default antivirus DB. The Normal DB option is no longer supported. For FortiGate models that support Extreme DB, choose Extended DB or Extreme DB.

 

Scope

 

FortiGate.


Solution

 

When the antivirus extreme database is checked with the command di autoupdate versions, a connectivity failure is reported.

The problem appears to be related to the attack definitions:

 

Attack Definitions

---------

Version: 6.00741

Contract Expiry Date: Wed Jul 26 2023

Last Updated using manual update on Tue Dec 1 02:30:00 2015

Last Update Attempt: Thu Aug 27 11:52:52 2020

Result: Connectivity failure

 

Extreme set

---------

Version: 1.00000 signed

Contract Expiry Date: Fri May 23 2025

Last Updated using manual update on Mon Apr  9 18:07:00 2018

Last Update Attempt: Fri Sep  1 16:06:08 2023

Result: Connectivity failure

 

The 'FortiGate update failed' message is expected when the extreme database is disabled. The default-db parameter has been removed from config antivirus settings.

FortiGate models that support an extreme set database have a new use-extreme-db parameter. By default, use-extreme-db is disabled so that FortiGate uses its normal and extended set databases. When use-extreme-db is enabled, FortiGate uses the extreme set database.

Upgrade support:
Upgrading from v6.2.x to v6.4.0 causes the following changes:

Before upgrade           After upgrade
default-db = normal      use-extreme-db = disable (hidden on low-end models)
default-db = extended    use-extreme-db = disable (hidden on low-end models)
default-db = extreme     use-extreme-db = enable



Antivirus settings from the CLI

On low-end models, the use-extreme-db option is hidden. This example shows the CLI captured on FortiGate-101E.

 

show full-configuration

config antivirus settings

    set grayware enable
    set override-timeout 0
end

 

On higher-end models, use-extreme-db is available. This example shows the CLI captured on FortiGate-600D:

 

show full-configuration

config antivirus settings

    set use-extreme-db enable
    set grayware enable
    set override-timeout 0
end

set use-extreme-db ?
enable     <----- Enable extreme AVDB.
disable    <----- Disable extreme AVDB.

 

After set use-extreme-db enable is added to the configuration, the 'Extreme set' is updated:

 

Extreme set
---------
Version: 1.00000 signed
Contract Expiry Date: Wed Jan 5 2028
Last Updated using manual update on Mon Apr 9 18:07:00 2018
Last Update Attempt: n/a
Result: Updates Installed
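
The check described in this article can be scripted when reviewing many devices. The following is an added example, not Fortinet code: it parses diagnose autoupdate versions output and marks an 'Extreme set' connectivity failure as expected when use-extreme-db is not enabled. The function names and the embedded sample text are constructed for illustration.

```python
import re

# Constructed sample modelled on the 'diagnose autoupdate versions' output above.
SAMPLE = """\
Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Wed Jul 26 2023
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: Thu Aug 27 11:52:52 2020
Result: Connectivity failure

Extreme set
---------
Version: 1.00000 signed
Contract Expiry Date: Fri May 23 2025
Last Updated using manual update on Mon Apr  9 18:07:00 2018
Last Update Attempt: Fri Sep  1 16:06:08 2023
Result: Connectivity failure
"""

def parse_versions(text):
    """Return {section: {field: value}}; lines without a ': ' separator are skipped."""
    sections, current, prev = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r"-{3,}", line) and prev is not None:
            # A dashed rule marks the previous non-empty line as a section title.
            current = sections.setdefault(prev, {})
        elif current is not None:
            key, sep, value = line.partition(": ")
            if sep:
                current[key] = value
        prev = line
    return sections

def triage(sections, use_extreme_db):
    """use_extreme_db: 'enable', 'disable', or None where the option is hidden."""
    findings = {}
    for name, fields in sections.items():
        if fields.get("Result", "").lower() != "connectivity failure":
            continue
        if name == "Extreme set" and use_extreme_db != "enable":
            findings[name] = "expected: extreme database is disabled"
        else:
            findings[name] = "not explained by use-extreme-db"
    return findings
```

Calling triage(parse_versions(SAMPLE), "disable") separates the expected 'Extreme set' failure from failures in other sections, which this setting does not explain.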