Description
This article describes how to configure the FortiGate to receive automatic updates from FortiGuard in the GUI and CLI.
Scope
FortiGate.
Solution
Configuration in GUI:
Go to System -> FortiGuard and Enable the Scheduled Update.
The default configuration is set to receive updates every 4 hours. This interval is used to optimize the load of update requests sent to the FortiGuard servers.
Go to System -> FortiGuard and Enable the Scheduled Update.
The default configuration is set to receive updates every 4 hours. This interval is used to optimize the load of update requests sent to the FortiGuard servers.
Hovering over the 'Automatic' option shows the frequency the FortiGate will update automatically. This option is the default configuration.
Starting from v7.6.5, the default auto-update schedule has been changed from 'Automatic' to 'Daily'.
In v7.6.1 and above, a new tab called 'FortiGuard settings' was added to configure the FortiGuard updates. Go to System -> FortiGuard -> FortiGuard Settings -> FortiGuard updates.
Configuration in CLI:
The CLI allows for more precise specification of the scheduled update time.
config system autoupdate schedule
set status enable
set frequency daily
set time 01:240 <-- The 01:240 parameters mean that updates are run daily in random intervals within 4 hours from 1:00 AM.
set status enable
set frequency daily
set time 01:240 <-- The 01:240 parameters mean that updates are run daily in random intervals within 4 hours from 1:00 AM.
Optionally, the update time can be changed to an exact value:
config system autoupdate schedule
set time 01:00 <----- The time parameter should be set as hh:mm where hh is in the range 00 to 23, mm is in the range 00 to 60, or 240. 60 will correspond to a random minute within the next hour, and 240 will correspond to a random minute within the next 4 hours.
set time 01:00 <----- The time parameter should be set as hh:mm where hh is in the range 00 to 23, mm is in the range 00 to 60, or 240. 60 will correspond to a random minute within the next hour, and 240 will correspond to a random minute within the next 4 hours.
For example:
01:30 <----- The unit will download updates every day exactly at 1:30 AM.
01:60 <----- The unit will update in 1-hour intervals at 1:00 AM, randomly between 1:00 AM-2:00 AM.
01:240 <----- The unit will download updates in 4-hour intervals from 1:00 AM. That is at a random time between 1 AM and 5 AM. This is the default value for daily updates.
01:60 <----- The unit will update in 1-hour intervals at 1:00 AM, randomly between 1:00 AM-2:00 AM.
01:240 <----- The unit will download updates in 4-hour intervals from 1:00 AM. That is at a random time between 1 AM and 5 AM. This is the default value for daily updates.
Note:
The GUI shows the autoupdate schedule time in hours only, and it does not display the minutes ('mm'). If the time is set through the GUI, the CLI value will automatically default to 'hh:60'. This is expected behavior.
Verification:
The following command can be used to verify the last time that the FortiGate queried FortiGuard for updates and the last time the new updates were installed on the unit:
FGT # diagnose autoupdate versions
AV Engine
---------
Version: 5.00147
Contract Expiry Date: Tue Oct 3 00:00:00 2017
Last Updated using manual update on Fri Jun 14 15:06:00 2013
Last Update Attempt: Sun Jul 26 00:25:33 2015
Result: No Updates
Virus Definitions
---------
Version: 26.00965
Contract Expiry Date: Tue Oct 3 00:00:00 2017
Last Updated using scheduled update on Sun Jul 26 00:25:33 2015
Last Update Attempt: Sun Jul 26 00:25:33 2015
Result: Updates Installed
AV Engine
---------
Version: 5.00147
Contract Expiry Date: Tue Oct 3 00:00:00 2017
Last Updated using manual update on Fri Jun 14 15:06:00 2013
Last Update Attempt: Sun Jul 26 00:25:33 2015
Result: No Updates
Virus Definitions
---------
Version: 26.00965
Contract Expiry Date: Tue Oct 3 00:00:00 2017
Last Updated using scheduled update on Sun Jul 26 00:25:33 2015
Last Update Attempt: Sun Jul 26 00:25:33 2015
Result: Updates Installed
