FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kcheng
Staff
Staff
Description

This article describes one possible scenario when FortiGate is not updating security databases such as antivirus and Intrusion Prevention System (IPS) database.

 

Connection to FortiGuard is successful and there may not be error in debug of update daemon.

To check on the debug when FortiGate is updating to FortiGuard, run the following command:

 

# diag deb app update -1

diag deb en

fnsysctl killall updated

exec update-now

 

Noticed also if the following entry in the debug log, the update of the respective databases are disabled due to setting in FortiGate:

 

__update_upd_comp_by_settings[473]-Disabling FLEN components.
__update_upd_comp_by_settings[477]-Disabling NIDSDB/ISDB/MUDB components.
__update_upd_comp_by_settings[481]-Disabling APPDB/IOTDB components.
__update_upd_comp_by_settings[485]-Disabling AVEN components.
__update_upd_comp_by_settings[489]-Disabling AVDB/FLDB/MMDB components.

Scope FortiGate.
Solution

1) Cross-check the firewall policy and ensure that a security profile such as antivirus and/or IPS is configured on at least 1 of the firewall policies.

 

2) Ensure that the policy that has been configured with the security profile is not in disabled state mode.

 

In conclusion, FortiGate obtains updates of security databases from FortiGuard only if the respective feature is used.

If no policy is configured with the respective security profile feature, FortiGate will not download the update as the components are not in use.

 

If the configured policy is in a disabled state, FortiGate will not download the update the respective database.

Contributors