FortiGate
anikolov
Staff
Article Id 358616
Description: This article describes how to fix potential ISDB (Internet Service Database) issues where the database is empty after an upgrade of the OS.
Scope FortiGate 7.0, FortiGate 7.2, FortiGate 7.4
Solution

First, diagnose the issue. Run the command below and look for output like the following:

 

diagnose deb config-error-log read
ffdb_map_flash_read: ret=-2, Error: open map tmp file error

init_do_ffdb_map: ret=-6, Error: shared memory error <- Points to a problem with installation of the database due to memory.

 

The most likely reason for this issue is that the device is not able to hold the database. This usually happens on smaller devices.

 

To fix this issue, clear the current internet-service data using the commands below:

 

diag internet-service clear /data2/ffdb_app

diag internet-service clear /data2/ffdb_map

diag internet-service clear /data2/ffdb_map_res

 

These commands should clear the ISDB. After that, run the following command:

 

execute update-now

 

The command to check the current ISDB is below. Look at the "Internet-service Full Database" paragraph of the output, which shows whether the ISDB was installed successfully:

 

diagnose autoupdate versions

 

Another common issue when upgrading from major version 7.0 to 7.2 is described in the KB article getting-error-ffdb-app-map-process, with this output:

 

ffdb_map_flash_read: ret=-5, Error: version error

ffdb_map version mismatch, the Internet Service Database will automatically update

 

For this issue, the fix is as described above, with 'execute update-now'.
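When saved 'diagnose deb config-error-log read' output from several devices has to be sorted, the two cases above can be told apart with a short script. This is an added example, not Fortinet code: the function names and case labels are hypothetical, and the sample logs are constructed from the lines quoted in this article.

```python
import re

# One error entry, e.g. "ffdb_map_flash_read: ret=-2, Error: open map tmp file error"
ERR_RE = re.compile(r"^(\w*ffdb\w*): ret=(-?\d+), Error: (.+)$")

CLEAR = [
    "diag internet-service clear /data2/ffdb_app",
    "diag internet-service clear /data2/ffdb_map",
    "diag internet-service clear /data2/ffdb_map_res",
]
UPDATE_AND_VERIFY = ["execute update-now", "diagnose autoupdate versions"]

def parse_errors(log_text):
    """Return [(function, ret, message)] for each ffdb error line in the log."""
    errors = []
    for line in log_text.splitlines():
        m = ERR_RE.match(line.strip())
        if m:
            # Drop any trailing "<- note" annotation a person added to the paste.
            message = m.group(3).split("<-")[0].strip()
            errors.append((m.group(1), int(m.group(2)), message))
    return errors

def triage(log_text):
    """Map a config-error-log capture to (case label, CLI steps from the article)."""
    errors = parse_errors(log_text)
    messages = {msg for _, _, msg in errors}
    if "shared memory error" in messages:
        # The line the article flags: clear the ISDB files, then update.
        return "cannot-hold-database", CLEAR + UPDATE_AND_VERIFY
    if "version error" in messages:
        # 7.0 -> 7.2 version mismatch: the article's fix is the update itself.
        return "version-mismatch", UPDATE_AND_VERIFY
    if errors:
        return "unrecognized-ffdb-error", []  # continue with the later steps
    return "no-ffdb-error", []

# Constructed samples built from the lines quoted in this article.
SAMPLE_MEMORY = """\
ffdb_map_flash_read: ret=-2, Error: open map tmp file error
init_do_ffdb_map: ret=-6, Error: shared memory error <- Points to a problem
"""
SAMPLE_VERSION = """\
ffdb_map_flash_read: ret=-5, Error: version error
ffdb_map version mismatch, the Internet Service Database will automatically update
"""

if __name__ == "__main__":
    for name, sample in (("memory", SAMPLE_MEMORY), ("version", SAMPLE_VERSION)):
        print(name, triage(sample))
```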

 

However, the issue may still persist. The next step is to do a manual update of the ISDB as per the KB article below:

Manual-Update-of-Internet-Service-Database-ISDB 

 

Once again, the command to check the current ISDB is below. Look at the "Internet-service Full Database" paragraph of the output, which shows whether the ISDB was installed successfully:

 

diagnose autoupdate versions

 

Another option is to change the database. The available options are described in the article below:

Configuring-and-checking-the-Internet-Service 

 

When changing the database, use one of the following sequences:

 

A:

 

  1. diag internet-service clear
  2. Change the type of database (to mini or on-demand).
  3. execute update-now

or B:

 

  1. Change the type of database (to mini or on-demand).
  2. reboot
  3. execute update-now

 

The last step to take, if none of the above solutions work, is to perform a clean installation of the device. This would format the disk and start from scratch, for which a backup is needed. The procedure is given below:

Format: Formatting-and-loading-FortiGate-firmware-image 

Restore: Configuration backups and restore 

 

If none of these steps work, open a ticket with TAC support and provide the data from the following debug:

 

get system status

diagnose autoupdate versions

diag debug application update -1

diag debug console timestamp
diag debug enable
exec update-now