acastellani
Staff
Article Id 194451

Description

 
This article explains how to manually update the Antivirus Definition and Engine for a FortiGate.

 

Scope

 

FortiGate, FortiManager.


Solution

 

It is recommended to have automatic updates enabled in either the FortiGate or the FortiManager that manages updates for the FortiGates without internet access.
Doing so allows the FortiGates to benefit from the latest virus definition packages as soon as they are updated.
 
To update the definitions manually instead:
 
  1. Log in to the Customer Service & Support web portal at https://support.fortinet.com.

  2. Navigate to Support -> Service updates -> Download and find the FortiGate device model to update. 

  3. Select the corresponding link for 'Virus Definition' and download the .ETDB file after completing the security check.

  4. Optionally, verify the file integrity by comparing the locally generated MD5 hash of the file with the one provided at the (MD5) link.
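
One way to carry out the optional check in step 4 from a workstation, as an added example that is not part of the original article or any Fortinet tooling. The script and function names are illustrative, and it assumes the value behind the (MD5) link is a 32-digit hex string, optionally followed by a file name; a match confirms the download is complete and uncorrupted.

```python
import hashlib
import hmac
import re
import sys

MD5_HEX = re.compile(r"[0-9a-f]{32}")


def normalize_md5(published: str) -> str:
    """Return the published hash as 32 lowercase hex digits, or raise ValueError.

    Accepts upper or lower case, surrounding whitespace, and a trailing
    file name (assumed format, as produced by md5sum-style listings).
    """
    tokens = published.strip().lower().split()
    value = tokens[0] if tokens else ""
    if not MD5_HEX.fullmatch(value):
        raise ValueError(f"not an MD5 hex digest: {published!r}")
    return value


def file_md5(path, chunk_size=1 << 20) -> str:
    """Hash the file in 1 MiB chunks so large packages are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, published: str) -> bool:
    """True only if the local file hashes to the value copied from the portal."""
    expected = normalize_md5(published)
    return hmac.compare_digest(file_md5(path), expected)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify_etdb.py <file.ETDB> <md5-from-portal>")
    ok = verify_download(sys.argv[1], sys.argv[2])
    print("MD5 match" if ok else "MD5 MISMATCH: download the file again before uploading")
    sys.exit(0 if ok else 1)
```
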
 
 
This process will upgrade both the Antivirus definitions and the Antivirus engine.
 
The Antivirus engines are not publicly available for download. They are usually provided through technical support cases to help address certain unwanted behaviors.
 
How to check current versions.

In the Web GUI:

Navigate to System -> FortiGuard -> AV Definitions.
 
 
In the CLI:

Run the following commands to check the current Antivirus definition and engine versions:

diagnose autoupdate versions | grep Virus -A2
diagnose autoupdate versions | grep Engine -A2
 

 


In this case, the Virus Definitions version is 0 and the Antivirus engine shows (6.)276 (the same as in the GUI example).
The '6.' prefix is not relevant: it is only used to identify the FortiOS version that the engine comes with.
 
  1. Updating the Antivirus Definition or Antivirus engine can only be done through the Web GUI after selecting 'Upgrade Database':


     

    Sometimes, for the AntiVirus engines provided by support representatives, there may be a warning that requires confirmation:

     


     

    In some cases, the error 'Failed to upgrade database' may appear:

     


     

    This occurs if the AntiVirus engine is not meant to be used in the FortiOS version currently being run or, less likely, if the file integrity has been compromised (usually due to incomplete downloads).

     

    In this example, an upgrade is performed from version 276 to 283:

     


     

    The following message appears briefly:

     


     

    After refreshing, the version change is reflected in the AntiVirus status.

     
