|
Regarding FortiGuard communication, only the MBD or the FIM contacts FortiGuard to download scheduled updates. Once the MBD or the FIM gets the updates, it synchronizes them to the other modules through the control backplane as external files. If HA is enabled, definitions are also synced to the secondary FortiGate.
Example of System Event for manual update:
date=2025-03-11 time=15:32:04 devname=FW7060E devid=FG76E83E1xxxxx slot=1 eventtime=1741681923306663206 tz="+0700" logid="0100041000" type="event" subtype="system" level="notice" vd="mgmt-vdom" logdesc="FortiGate update succeeded" status="update" msg="Fortigate update now fcni=yes fdni=yes virdb(93.01601) etdb(93.01601) exdb(1.00000) avai(4.00805) mmdb(93.01601) dnsbot(3.01183) idsdb(6.00741) idsetdb(31.00967) idsurldb(5.00348) appdb(31.00966) fmwpdb(25.00022) idsen(7.00356) cidb(1.00183) geoip(3.00271) ffdb_full(7.04089) uwdb(4.00524) mcdb(1.00525) alci(0.00000) macdb(1.00261) anphipats(1.00015) from 149.5.232.66:443"
For rating services, that is, web filter or antispam lookups, each FPC/FPM reaches out to FortiGuard directly to perform rating lookup using the device serial number. Because each FPC/FPM is responsible for performing its rating lookup, it is also responsible for maintaining its cache.
When contacting FortiGuard, all modules present the device serial number. This approach simplifies system operation and maintenance. When renewing the product license, it is necessary to apply the new licensing to only the appliance or chassis serial number instead of the individual modules.
CLI debug output:
pack_obj[185]-Packing obj=Protocol=3.2|Command=Update|Firmware=FGT7KE-FW-7.02-1706|SerialNumber=FG76E83E1xxxxxx|UpdateMethod=0
If a manual update is being performed on any module. If the module is not the MBD or the FIM, it uses the control backplane to connect to FortiGuard. After the definitions are downloaded, the module synchronizes the files to the MBD or FIM, which in turn synchronizes them to the other modules. |
