mribbans_FTNT
Description

This article describes an issue where the Fortinet Botnet Domain Database does not update automatically, and a solution that resolves it.

Scope

All Fortinet Firewalls.
Solution

Occasionally a situation arises whereby the Fortinet Botnet Domain Database does not automatically update.

 

Using the command:

 

# diagnose autoupdate versions

 

the version may be reported as 0.00000, as in the CLI output below:

 

 ---------
Botnet Domain Database 
--------- 
Version: 0.00000 
Contract Expiry Date: Tue Oct 20 2020 
Last Updated using manual update on Mon Jan 1 00:00:00 2001 
Last Update Attempt: n/a 
Result: Updates Installed 

 

Typically, similar issues with FortiGuard updates can be resolved using the CLI command: 

 

# execute update-now  

 

However, in this situation it does not help.

 

The solution here is to assign a DNS Filter Profile to a firewall policy, and then tell the FortiGate to update. 

 

It is possible either to use an existing firewall policy or to create a dummy/temporary policy and assign a DNS Filter Profile to it, then tell the FortiGate to update.

 

Note that the DNS Filter Profile must have the option to redirect Botnet requests (which is the default option). 

 

Steps as follows:

 

1) Edit or create a DNS Filter Profile.



 

2) Create a dummy/test policy and assign the DNS filter to it (or add it to an existing policy).

 

Tip: Use unassigned or unused interfaces for the temporary policy.

 


 

3) Tell the FortiGate to update.

 

# execute update-now

 

4) Once the update is complete (typically it takes 2-3 minutes), check that the Botnet Domain Database has been updated by re-running the following CLI command:

 

# diagnose autoupdate versions

 

5) In the output, find the section relating to the Botnet Domain Database to confirm it has updated. A successful update will look similar to the following:

 

---------
Botnet Domain Database
---------
Version: 2.00466
Contract Expiry Date: Tue Oct 20 2020
Last Updated using manual update on Tue Apr  7 08:42:56 2020
Last Update Attempt: Tue Apr  7 08:42:56 2020
Result: Updates Installed
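To repeat the check in steps 4 and 5 on several firewalls, the following added example (not part of the original article and not Fortinet code) parses saved "diagnose autoupdate versions" output and flags a Botnet Domain Database that is still in the never-updated state shown earlier. It assumes the output has already been captured as text; the function names are hypothetical, and the sample text is the article's own before and after output.

```python
import re

FIELD = re.compile(r"^(Version|Contract Expiry Date|Last Update Attempt|Result):\s*(.*)$")
UPDATED = re.compile(r"^Last Updated using (.+?) on (.+)$")
RULE = re.compile(r"^-{3,}$")
# Sample output copied from the article's "before" block; AFTER swaps in the "after" values.
BEFORE = """---------
Botnet Domain Database
---------
Version: 0.00000
Contract Expiry Date: Tue Oct 20 2020
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed
"""
AFTER = (BEFORE.replace("0.00000", "2.00466").replace("n/a", "Tue Apr  7 08:42:56 2020")
         .replace("Mon Jan 1 00:00:00 2001", "Tue Apr  7 08:42:56 2020"))

def parse_versions(text):
    """Return {section name: {field: value}} from captured CLI output."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    sections, current = {}, None
    for ln, nxt in zip(lines, lines[1:] + [""]):
        if RULE.match(ln):
            continue
        field, updated = FIELD.match(ln), UPDATED.match(ln)
        if not field and not updated and RULE.match(nxt):
            current = sections.setdefault(ln, {})  # a name line sits above a dashed rule
        elif current is not None and field:
            current[field.group(1)] = field.group(2)
        elif current is not None and updated:
            current["Update Method"], current["Last Updated"] = updated.groups()
    return sections

def stale_databases(text, expected=("Botnet Domain Database",)):
    """Return {name: [reasons]} for expected databases that look never-updated."""
    parsed, findings = parse_versions(text), {}
    for name in expected:
        fields, reasons = parsed.get(name), []
        if fields is None:
            reasons.append("section not found in output")
        else:
            if re.fullmatch(r"0+\.0+", fields.get("Version", "")):
                reasons.append("version is " + fields["Version"])
            if fields.get("Last Update Attempt", "").lower() == "n/a":
                reasons.append("no update attempt recorded")
        if reasons:
            findings[name] = reasons
    return findings
```

An empty result from stale_databases means the database reports a non-zero version and a recorded update attempt; a missing section is reported rather than silently treated as healthy.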

 

Related Articles:

 

Verifying and troubleshooting AV & IPS updates status and versions

 https://kb.fortinet.com/kb/viewContent.do?externalId=FD30528

 

AntiVirus extended database is not up-to-date and shows version 1.00000.

https://kb.fortinet.com/kb/documentLink.do?externalID=FD45705