This article describes one possible scenario when FortiGate is not updating security databases such as antivirus and Intrusion Prevention System (IPS) database.

Connection to FortiGuard is successful and there may not be an error in debugging of the update daemon.

To check on the debug when FortiGate is updating to FortiGuard, run the following command:

diag deb app update -1

diag deb en

fnsysctl killall updated

exec update-now

Noticed also if the following entry in the debug log, the update of the respective databases is disabled due to a setting in FortiGate:

__update_upd_comp_by_settings[473]-Disabling FLEN components.
__update_upd_comp_by_settings[477]-Disabling NIDSDB/ISDB/MUDB components.
__update_upd_comp_by_settings[481]-Disabling APPDB/IOTDB components.
__update_upd_comp_by_settings[485]-Disabling AVEN components.
__update_upd_comp_by_settings[489]-Disabling AVDB/FLDB/MMDB components.

1. Cross-check the firewall policy and ensure that a security profile such as antivirus and/or IPS is configured on at least 1 of the firewall policies.
   
   
2. Ensure that the policy that has been configured with the security profile is not in disabled state mode.

In conclusion, FortiGate obtains updates of security databases from FortiGuard only if the respective feature is used.

If no policy is configured with the respective security profile feature, FortiGate will not download the update as the components are not in use.

If the configured policy is disabled, FortiGate will not download the update to the respective database. After enabling antivirus and/or IPS in one of the policies, run the 'execute update-now' command again. If there are no changes in the definitions, contact Technical Support for assistance or consider updating definitions manually. Refer to:

Technical Tip: How to manually upgrade the IPS Engine
Technical Tip: How to manually update the Virus Definition database or AntiVirus Engine 

Related article:

Technical Tip: Explanation to old update values in get system