FortiGate
Kush_Patel
Staff
Article Id 246617
Description

This article describes how to handle the following alert email or log entry on FortiGate:

Message meets Alert condition
The following critical firewall event was detected: FortiGate update failed.
date=2023-01-28 time=10:45:18 devname=fgt-101 devid=FG200ETKxxxxxxxx eventtime=1674924318015840062 tz="-0600" logid="0100041001" type="event" subtype="system" level="critical" vd="root" logdesc="FortiGate update failed" status="update" msg="Fortigate scheduled update failed"

 

In the output of the command ‘diagnose autoupdate versions’, the Result for ‘Attack Definitions’ shows ‘Connectivity failure’:

Attack Definitions

---------

Version: 6.00741

Contract Expiry Date: Wed Jul 26 2023

Last Updated using manual update on Tue Dec  1 02:30:00 2015

Last Update Attempt: Thu Aug 27 11:52:52 2020

Result: Connectivity failure

 

Even after manually updating FortiGate with the command ‘execute update-now’, this error still appears as the Result for ‘Attack Definitions’.

Scope

FortiGate.
Solution

‘Attack Definitions’ refers to the IPS databases, which can be verified using the following command:

show full-configuration ips global

 

FortiOS only requests packages for the configured IPS database set. If the ‘extended’ database is being used in IPS, FortiGate does not update the regular database along with it, and vice versa.

If the IPS database is set to ‘regular’, FortiGate updates only 'Attack Definitions' and not 'Attack Extended Definitions'. If it is set to ‘extended’, FortiGate updates only 'Attack Extended Definitions' and not 'Attack Definitions'.

It is possible to modify this configuration:


config ips global
    set database regular
end

 

Afterwards, manually update the FortiGate using the command ‘execute update-now’, then verify that the attempt succeeded with the command ‘diagnose autoupdate versions’. The output should show that ‘Attack Definitions’ was updated:

Attack Definitions

---------

Version: 22.00491

Contract Expiry Date: Wed Jul 26 2023

Last Updated using manual update on Wed Feb  8 10:34:41 2023

Last Update Attempt: Wed Feb  8 10:34:41 2023

Result: Updates Installed

 

Note: The IPS security profile must be applied to the firewall policy before updating manually (by using 'execute update-now').
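
The database rule described above can be applied when monitoring update status. The following Python script is an added example, not Fortinet code: it parses ‘diagnose autoupdate versions’ output and reports a failure only for the section that matches the configured IPS database. The sample text is constructed, and the function names and the rule that a failed Result contains the word "failure" are assumptions.

```python
import re

# Constructed sample in the output format shown above; the extended section is invented.
SAMPLE = """\
Attack Definitions
---------
Version: 6.00741
Last Update Attempt: Thu Aug 27 11:52:52 2020
Result: Connectivity failure

Attack Extended Definitions
---------
Version: 22.00491
Last Update Attempt: Wed Feb  8 10:34:41 2023
Result: Updates Installed
"""

# Section that FortiOS requests packages for, keyed by `set database` in `config ips global`.
ACTIVE_SECTION = {"regular": "Attack Definitions",
                  "extended": "Attack Extended Definitions"}

def parse_sections(text):
    """Return {section title: {field: value}}; tolerates blank lines between rows."""
    sections, current, prev = {}, None, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if re.fullmatch(r"-{3,}", line):
            current = sections.setdefault(prev, {})  # title is the line above the rule
        elif current is not None and ": " in line:
            key, _, value = line.partition(": ")
            current[key] = value.strip()
        prev = line
    return sections

def assess(text, database):
    """Label each IPS section 'ok', 'failed', 'not-requested' or 'missing'."""
    sections, active = parse_sections(text), ACTIVE_SECTION[database]
    findings = {}
    for name in ACTIVE_SECTION.values():
        result = sections.get(name, {}).get("Result")
        if result is None:
            findings[name] = "missing"
        elif name != active:
            findings[name] = "not-requested"  # stale result for the unconfigured set
        elif "failure" in result.lower():     # assumption: failures contain "failure"
            findings[name] = "failed"
        else:
            findings[name] = "ok"
    return findings

if __name__ == "__main__":
    for db in ("regular", "extended"):
        print(db, assess(SAMPLE, db))
```
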