Description
This article describes how to manually upgrade the IPS Engine on a FortiGate.
Scope
FortiGate.
Solution
The IPS Engine package can only be obtained from a TAC support engineer.
Note:
A support engineer provides an IPS engine package when an upgrade is required because of IPS process crashes or other issues in the IPS itself.
- Collect the IPS engine process IDs and uptime values with the following CLI command, so they can be compared after the upgrade:
diagnose test application ipsmonitor 1
- Log in to the FortiGate GUI and go to System -> FortiGuard -> IPS & Application Control -> Upgrade Database -> Upload.
For v7.0, v7.2 and v7.4: System -> FortiGuard -> Intrusion Prevention -> Actions -> Upgrade Database -> Upload.
Note:
The version information can be seen in the GUI. Version 4.00035 is used in the above example.
In the CLI:
diag autoupdate versions | grep "IPS Attack" -A 6
FGT800D-1 # diagnose autoupdate versions | grep "IPS Attack" -A 6
IPS Attack Engine
---------
Version: 4.00035
Contract Expiry Date: Fri Jan 10 2020
Last Updated using manual update on Wed Aug 28 13:07:23 2019
Last Update Attempt: Wed Aug 28 10:34:13 2019
Result: No Updates
diag autoupdate versions | grep "IPS Attack" -A 6
IPS Attack Engine
---------
Version: 6.00036
Contract Expiry Date: Sat Jan 16 2021
Last Updated using manual update on Mon Aug 31 14:17:05 2020
Last Update Attempt: Mon Oct 5 22:49:27 2020
Result: No Update
- Browse to the .pkg file and select 'OK'. The upload takes 1 to 2 minutes at most. After the IPS Engine has been upgraded, verify that the engines were automatically restarted with the following CLI command:
diagnose test application ipsmonitor 1
Check that the engine uptime has reset and that the process IDs have changed compared with the values collected before the upgrade.
Manually restart the IPS engines with the following command if necessary:
diag test app ipsmonitor 99
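As an added example (not part of this article and not a Fortinet tool), the following Python script performs the CLI-side check of the upgrade: it parses the IPS Attack Engine block of `diagnose autoupdate versions` output captured before and after the upload, confirms that the installed version now matches the package supplied by TAC and is newer than the previous one, that the manual-update timestamp advanced, and that the contract was still valid at upgrade time (an expired or evaluation license blocks the update). The 'before' sample is the output shown above; the 'after' sample, the package version 4.00203 and the upgrade time are constructed values. It also assumes that every package block in the full output is a name line followed by a '---------' rule, as in the block shown above.

```python
import re
from datetime import datetime

# Constructed sample input: the "IPS Attack Engine" block printed by
# `diagnose autoupdate versions` before the upgrade (values as in the article).
BEFORE = """\
IPS Attack Engine
---------
Version: 4.00035
Contract Expiry Date: Fri Jan 10 2020
Last Updated using manual update on Wed Aug 28 13:07:23 2019
Last Update Attempt: Wed Aug 28 10:34:13 2019
Result: No Updates
"""

# Constructed sample input: the same block after loading the 4.00203 package.
# The manual-update timestamp is made up for this example.
AFTER = """\
IPS Attack Engine
---------
Version: 4.00203
Contract Expiry Date: Fri Jan 10 2020
Last Updated using manual update on Thu Aug 29 09:12:44 2019
Last Update Attempt: Wed Aug 28 10:34:13 2019
Result: No Updates
"""

# Constructed: the moment the upload in this example was performed.
UPGRADE_TIME = datetime(2019, 8, 29, 9, 12, 44)

HEADER = "IPS Attack Engine"
DATE_FMT = "%a %b %d %Y"             # "Fri Jan 10 2020"
STAMP_FMT = "%a %b %d %H:%M:%S %Y"   # "Wed Aug 28 13:07:23 2019"


def extract_section(output, header=HEADER):
    """Return the lines of one package block from `diagnose autoupdate versions`
    output. Assumption: each block is a name line followed by a '---------'
    rule, so a block ends right before the next such rule."""
    lines = [ln.rstrip() for ln in output.splitlines()]
    starts = [i for i, ln in enumerate(lines) if ln == header]
    if not starts:
        raise ValueError(f"no '{header}' block in output")
    start = starts[0]
    block = [lines[start]]
    for i in range(start + 1, len(lines)):
        if i + 1 < len(lines) and lines[i + 1].startswith("---------"):
            break  # lines[i] is the next block's name line
        block.append(lines[i])
    return block


def parse_ips_engine(output):
    """Parse the IPS Attack Engine block into typed fields."""
    text = "\n".join(extract_section(output))
    m_ver = re.search(r"^Version:\s*(\d+)\.(\d+)$", text, re.M)
    m_exp = re.search(r"^Contract Expiry Date:\s*(.+)$", text, re.M)
    m_man = re.search(r"^Last Updated using manual update on\s+(.+)$", text, re.M)
    if not (m_ver and m_exp):
        raise ValueError("Version or Contract Expiry Date line missing")
    return {
        "version_str": m_ver.group(0).split(":", 1)[1].strip(),
        "version": (int(m_ver.group(1)), int(m_ver.group(2))),   # 4.00035 -> (4, 35)
        "expiry": datetime.strptime(m_exp.group(1), DATE_FMT),
        "manual_update": (datetime.strptime(m_man.group(1), STAMP_FMT)
                          if m_man else None),
    }


def license_allows_update(output, now):
    """Pre-check: a database upload is refused once the contract has expired."""
    return parse_ips_engine(output)["expiry"].date() >= now.date()


def verify_upgrade(before_output, after_output, package_version, now):
    """Compare the block captured before and after the upload.
    Returns a dict of check name -> bool; every value should be True."""
    before = parse_ips_engine(before_output)
    after = parse_ips_engine(after_output)
    expected = tuple(int(x) for x in package_version.split("."))
    return {
        # the engine now reports the version the TAC-supplied package carries
        "version_matches_package": after["version"] == expected,
        # and it is newer than what ran before (guards against a silent no-op)
        "version_increased": after["version"] > before["version"],
        # the manual-update stamp moved forward, so the package really loaded
        "manual_update_recorded": (
            after["manual_update"] is not None
            and (before["manual_update"] is None
                 or after["manual_update"] > before["manual_update"])
        ),
        # an expired contract would have blocked the upload in the first place
        "license_valid": license_allows_update(after_output, now),
    }


def demo():
    """Run the checks on the constructed before/after samples."""
    return verify_upgrade(BEFORE, AFTER, "4.00203", UPGRADE_TIME)


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

Capture the full `diagnose autoupdate versions` output (without the grep filter) into a file before and after the upload and feed both to verify_upgrade; a FAIL on version_increased or manual_update_recorded after a successful-looking GUI upload is the cue to run the ipsmonitor checks above and, if needed, restart the engines manually.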
Note:
Upgrading the IPS engine terminates all TCP sessions.
If an IPS engine is loaded on a FortiGate HA cluster, the HA primary unit pushes the IPS engine to the HA secondary unit.
All FortiOS images come with a built-in IPS engine. If the FortiOS firmware is upgraded and the target build has the same IPS engine version as the current FortiOS build, the IPS engine must be reloaded after the firmware upgrade.
In this example, the IPS engine was upgraded to 4.00203. The change can now be verified in the GUI:
Note:
It is only possible to get the IPS Engine from a TAC Support Engineer.
Note:
If the device has an evaluation license or no valid license, updating the database is not allowed.
Important note:
Before proceeding with the upgrade, confirm with the TAC engineer whether the provided IPS engine image is double-signed. If the provided image is not signed and the BIOS security level is set to 2, the BIOS security level must be changed to 1 or 0 for the upgrade to succeed. More details are available in the following article: BIOS-level signature and file integrity checking