Description
This article describes how to downgrade IPS/Antivirus engine versions. FortiOS does not accept the upload of an Antivirus definition or IPS definition/engine to a FortiGate unit if it is older than the one currently installed on the unit.
Scope
FortiOS versions 5.x, 6.x, 7.x.
Solution
Installed Antivirus and IPS engine versions are checked by running:
diag autoupdate versions | grep "IPS Attack" -A 6
diag autoupdate versions | grep "AV Engine" -A 6
If the file is uploaded in the normal way to proceed with the downgrade, a 'Firewall has all the updates found in the given file' or a 'Failed to upgrade database' error message is reported.
The downgrade procedure is as follows:
- From the FortiGate CLI, run the command:
  diagnose autoupdate downgrade enable
- From the FortiGate GUI, import the required Antivirus definition and IPS definition/engine.
- From the FortiGate CLI, run the command:
  diagnose autoupdate downgrade disable
- Verify from the CLI that the downgrade succeeded:
  diagnose autoupdate versions
- If necessary, disable scheduled updates from the FortiGuard Distribution Network to keep the imported signatures and prevent automatic updates:
  config system autoupdate schedule
  set status disable
  end
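The verification step can be scripted by comparing the output of diagnose autoupdate versions saved before and after the procedure. The following is an added example, not Fortinet code: the sample output and version numbers are constructed, the section layout is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample of `diagnose autoupdate versions` output (two sections,
# made-up version numbers); layout assumed: name, dashed rule, "Version:" line.
BEFORE = """\
AV Engine
---------
Version: 7.00021
Result: Updates Installed

IPS Attack Engine
---------
Version: 7.00341
Result: Updates Installed
"""
AFTER = BEFORE.replace("7.00341", "7.00166")  # constructed post-downgrade state

def parse_versions(text):
    """Map each section name to the version string that follows it."""
    versions, name, lines = {}, None, text.splitlines()
    for prev, line in zip(lines, lines[1:]):
        if prev.strip() and re.fullmatch(r"-{3,}", line.strip()):
            name = prev.strip()
        m = re.match(r"\s*Version:\s*(\S+)", line)
        if m and name:
            versions[name] = m.group(1)
            name = None
    return versions

def ver_key(v):
    """'7.00341' -> (7, 341), so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))

def check_downgrade(before, after, component, target):
    """Return a list of problems; an empty list means the result is as intended."""
    old, new = parse_versions(before), parse_versions(after)
    if component not in old or component not in new:
        return [f"{component}: section not found"]
    problems = []
    if new[component] != target:
        problems.append(f"{component}: is {new[component]}, expected {target}")
    elif ver_key(target) >= ver_key(old[component]):
        problems.append(f"{component}: {target} is not older than {old[component]}")
    # Any other package whose version moved was not part of the planned change.
    for name, ver in new.items():
        if name != component and old.get(name) != ver:
            problems.append(f"{name}: changed {old.get(name)} -> {ver}")
    return problems

if __name__ == "__main__":
    print(check_downgrade(BEFORE, AFTER, "IPS Attack Engine", "7.00166") or "OK")
```

An unchanged version after the import usually means the upload was rejected because downgrade mode was not enabled first.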