Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
markdr_FTNT
Staff
Staff

Created on ‎05-04-2022 10:39 PM

Article Id 211255

Technical Tip: Botnet Domain Database shows version 0.00000 

Description This article describes an issue whereby the Fortinet Botnet Domain Database will not automatically update and describes a solution to resolve this issue.
Scope All Fortinet Firewalls.
Solution

Occasionally a situation arises whereby the Fortinet Botnet Domain Database does not automatically update.

 

Using the command:

 

# diagnose autoupdate version 

 

the version may be shown as 0.00000,  as shown in the CLI output below: 

 

 ---------
Botnet Domain Database 
--------- 
Version: 0.00000 
Contract Expiry Date: Tue Oct 20 2020 
Last Updated using manual update on Mon Jan 1 00:00:00 2001 
Last Update Attempt: n/a 
Result: Updates Installed 

 

Typically, similar issues with FortiGuard updates can be resolved using the CLI command: 

 

# execute update-now  

 

However, in this situation it does not assist.  

 

The solution here is to assign a DNS Filter Profile to a firewall policy, and then tell the FortiGate to update. 

 

It is possoble either to use an existing firewall policy or just create a dummy/temporary policy and assign a DNS Profile to it, then tell the FortiGate to update. 

 

Note that the DNS Filter Profile must have the option to redirect Botnet requests (which is the default option). 

 

Steps as follows:

 

1) Edit or create a DNS Filter Profile.


DNS Filter Profile.png

 

2) Create a dummy/test policy and assign the DNS filter to it (or add it to an existing policy).

 

Tip: (Use unassigned or unused interfaces for the temporary policy).

 

DNS Filter Profile2.png

 

3) Tell the FortiGate to update.

 

# execute update-now

 

4) Once the update is complete (typically it takes 2-3 minutes), check the Botnet Domain Database has been updated by re-running the following CLI command again:

 

# diagnose autoupdate versions

 

5) In the output, find the section relating to the Botnet Domain Database to confirm it has updated. A successful update will look similar to the below:

 

---------

Botnet Domain Database

---------

Version: 2.00466

Contract Expiry Date: Tue Oct 20 2020

Last Updated using manual update on Tue Apr  7 08:42:56 2020

Last Update Attempt: Tue Apr  7 08:42:56 2020

Result: Updates Installed

 

Related Articles:

 

Verifying and troubleshooting AV & IPS updates status and versions

 https://kb.fortinet.com/kb/viewContent.do?externalId=FD30528

 

AntiVirus extended database is not up-to-date and shows version 1.00000.

https://kb.fortinet.com/kb/documentLink.do?externalID=FD45705
 

 

 

 

 

2636
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.