By default, if the FortiGate has internet connectivity and application control is used, the database will be updated automatically as part of the scheduled FortiGuard updates. If this is not working, refer to Technical Tip: Application Control Signatures are not updated automatically.

If needed, application control definitions can be upgraded manually, as described below.

Before upgrading, it is possible to check current definitions with the 'diagnose autoupdate versions' command.

To download the latest update manually, go to 'support.fortinet.com' -> Support -> Service Updates.

Download the Application Control Definition by choosing the Fortinet Product and the FortiOS version matching the firewall's current Minor Version. Minor versions are firmware branches, such as v6.4, v7.0, v7.2, and v7.4.

Most service updates are maintained under 'vX.Y.0', and this is the correct OS version to select in most cases. If there are multiple OS Versions for the current minor version and it is not clear which OS version to select, check each one without going above the firewall's current firmware and download the latest 'Application Definition' file.

Because of an upcoming DLP database enhancement, the v7.4.8 and v7.6.3 OS Versions are added to the dropdown as of Q1 2025, but only include a new version of the DLP database and are not relevant for Application Control signatures. An administrator would only select v7.4.8 or v7.6.3 OS versions if needing the DLP signatures for FortiOS v7.4.8, v7.6.3, or later.

On the FortiGate GUI, browse System -> FortiGuard -> Application Control Signatures -> Actions -> Upgrade Database and upload the definition file downloaded from the support site.

After the upgrade, verify by taking the 'diagnose autoupdate versions' output again and checking the version number.

The procedure outlined above can be used to manually update other firewall databases as well, including antivirus signatures (Virus Definitions) and IPS signatures (Attack Definitions). For a list of database abbreviations and names, see Technical Tip: Deciphering FortiGuard database abbreviations and subscriptions/services.