Technical Tip: Cannot upload the IPS database manually from the GUI without internet connection to FortiGate

gmanea · ‎08-07-2019

Description

This article explains how to install the IPS database.

The IPS database update button (Go to System -> FortiGuard -> Upgrade Database/Package) is now only available if the unit is licensed and connected to the internet.

Note:

If there is no internet connection in the unit, there is no way to determine if they have a valid license or not.

Scope

FortiGate.

Solution

Install the IPS database offline, it can be achieved via CLI only:
Download the IPS database from the support.fortinet.com -> Support -> Download -> Service Updates -> then download 'Attack Definition'.

Install the TFTP server in one of the LAN PC, which has a connection to the FortiGate. Store the IPS database file in the TFTP server and then run the following command on the FortiGate CLI:

Install an IPS update from a TFTP server

execute restore ips tftp Restore IPS database from TFTP server.
{string} IPS database file name on the TFTP server.
{ip} IP address.

Syntax:

exe restore ips tftp <database_file_name> <TFTP server IP>

For example:

exe restore ips tftp nids_OS6.2.0_14.00655.NIDS.pkg 1.2.3.5

Related articles:
Technical Tip: How to manually upgrade the IPS Engine
Technical Tip: How to manually upgrade the IPS Engine

Technical Tip: Cannot upload the IPS database manually from the GUI without internet connection to FortiGate

You are leaving our website