This article explains how to manually update the AV Definition and Engine for a FortiGate.
It is recommended to enable automatic updates, either on the FortiGate itself or on the FortiManager that manages updates for FortiGates without internet access.
Doing so allows the FortiGates to benefit from the latest virus definition packages as soon as they are updated.
To update the definitions manually instead:
2) Navigate to Support -> Service updates -> Download and find the FortiGate device model to update.
3) Select the corresponding link for 'Attack Definition' and download the .NIDS file after completing the security check.
4) Optionally, verify the file integrity by comparing the locally generated MD5 hash of the file with the one provided at the (MD5) link.
This process will upgrade both the AV definitions and the AV engine.
The AV engines are not publicly available for download. They are usually provided through technical support cases to help address certain unwanted behaviors.
How to check current versions.
In the Web GUI:
Navigate to System -> FortiGuard -> AV Definitions.
In the CLI:
Run the following command to check the current AV definition or engine versions:
# diagnose autoupdate versions | grep Virus -A2
# diagnose autoupdate versions | grep Engine -A2
In this case, the Virus Definitions version is 0 and the AV engine shows (6.)276 (the same as in the GUI example).
The '6.' prefix is not relevant: it only identifies the FortiOS version that the engine comes with.
5) Updating the AV Definition or AV engine can only be done through the Web GUI after selecting 'Upgrade Database':
Sometimes, for the AntiVirus engines provided by support representatives, there may be a warning that requires confirmation:
In some cases, the 'Failed to upgrade database' message may appear:
This occurs if the AntiVirus engine is not meant to be used with the FortiOS version currently running or, less likely, if the file integrity has been compromised (usually due to an incomplete download).
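The integrity check from step 4 can be scripted so that an incomplete download is caught before the file is uploaded. The following is an added example, not Fortinet's code; the function names and the command-line usage are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import sys


def md5_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large package is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalize_published_md5(text):
    """Extract the 32-hex-digit value from text copied from the (MD5) link.

    Tolerates labels, surrounding whitespace and upper-case digits, and
    rejects anything that is not exactly 32 hex characters long.
    """
    match = re.search(r"\b[0-9a-fA-F]{32}\b", text)
    if match is None:
        raise ValueError("no 32-character MD5 value found in the published text")
    return match.group(0).lower()


def verify_package(path, published_text):
    """Return (ok, local_md5, published_md5) for a downloaded package."""
    published = normalize_published_md5(published_text)
    local = md5_of_file(path)
    return hmac.compare_digest(local, published), local, published


if __name__ == "__main__":
    # Assumed usage: python verify_package.py <downloaded file> <published MD5>
    if len(sys.argv) != 3:
        sys.exit("usage: verify_package.py <downloaded file> <published MD5>")
    ok, local, published = verify_package(sys.argv[1], sys.argv[2])
    print(f"local     : {local}")
    print(f"published : {published}")
    if not ok:
        sys.exit("MISMATCH: download the file again before upgrading")
    print("OK: hashes match")
```

A mismatch means the file should be downloaded again rather than uploaded through 'Upgrade Database'.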
In this example, an upgrade is performed from version 276 to 283:
The following message appears briefly:
After refreshing, the version change is reflected in the AntiVirus status.