For more information regarding the Operational Technology Service entitlement, refer to the document below:
Operational Technology Security Service Entitlement
If the FortiGate has a valid Operational Technology (OT) Security Service license, but the OT database signatures are not updated, follow the steps below.
- Check the Operational Technology (OT) Security Service license.
From GUI:
Navigate to System -> FortiGuard.
From CLI:
get sys fortiguard-service status
NAME                                         VERSION       LAST UPDATE          METHOD  EXPIRE
AV Engine                                    7.021 signed  2023-10-27 00:29:00  manual
Virus Definitions                            1.000 signed  2018-04-09 19:07:00  manual
Extended set                                 1.000 signed  2018-04-09 19:07:00  manual
Extreme set                                  1.000 signed  2018-04-09 19:07:00  manual
AI/Machine Learning Malware Detection Model  0.000         2001-01-01 00:00:00  manual
Flow-based Virus Definitions                 1.000 signed  2018-04-09 19:07:00  manual
Attack Definitions                           6.741 signed  2015-12-01 02:30:00  manual
Attack Extended Definitions                  6.741 signed  2015-12-01 02:30:00  manual
IPS Malicious URL Database                   1.001 signed  2015-01-01 01:01:00  manual
IPS/FlowAV Engine                            7.524 signed  2023-11-27 18:30:00  manual
Application Definitions                      6.741 signed  2015-12-01 02:30:00  manual
FMWP Definitions                             0.000         2001-01-01 00:00:00  manual
OT Threat Definitions                        6.741 signed  2015-12-01 02:30:00  manual
IoT Detect Definitions                       0.000 signed  2022-08-17 18:31:00  manual
OT Detect Definitions                        0.000         2001-01-01 00:00:00  manual
OT Patch Definitions                         0.000         2001-01-01 00:00:00  manual
Proxy Attack Definitions                     6.741 signed  2015-12-01 02:30:00  manual
Proxy Attack Extended Definitions            6.741 signed  2015-12-01 02:30:00  manual
Proxy Application Definitions                6.741 signed  2015-12-01 02:30:00  manual

diagnose autoupdate versions | grep OT -A7
OT Threat Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed
--
OT Detect Definitions
---------
Version: 0.00000
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed
OT Patch Definitions
---------
Version: 0.00000
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed
- To update the OT signatures in IPS and application control, include OT signatures by setting 'exclude-signatures' to 'none'. By default, this is set to 'ot':
FGT-VM # conf ips global
FGT-VM (global) # set exclude-signatures
none    No signatures excluded.
ot      Exclude ot signatures.
FGT-VM (global) # set exclude-signatures none
FGT-VM (global) # end
FGT-VM #
Before v7.4.1, the OT signatures were included in Industrial Attack Definitions, and the commands were:
config ips global
set exclude-signatures {none | industrial}
end
- Apply the IPS/Application Control profile to at least one firewall policy to update the database. If IPS and Application Control are already applied to the firewall policy, proceed to the next step.
- Run the commands below to manually update the signatures:
dia deb dis
dia deb reset
dia deb app update -1
dia deb enable
exec update-now
- Leave the commands running for 3-5 minutes. Once the update is successful, disable debug:
dia deb dis
- Check the OT entitlements again. The Operational Technology databases are now updated:
From GUI:
Navigate to System -> FortiGuard.
From CLI:
If the issue persists, open a TAC case for further investigation.
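The before-and-after comparison in the steps above can be scripted. The Python below is an added example, not Fortinet tooling or part of the original article: it parses saved `diagnose autoupdate versions | grep OT -A7` output in the format shown earlier and reports OT databases that have never been downloaded, have not updated recently, or have an expired contract. The function names, the 30-day threshold and the reading of version 0.00000 as "never downloaded" are assumptions.

```python
import re
from datetime import datetime
SAMPLE = """\
OT Threat Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed
--
OT Detect Definitions
---------
Version: 0.00000
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed
"""  # sample input: two records copied from the CLI output shown in this article

def parse_autoupdate(text):
    """Return {database name: {'version', 'expiry', 'updated'}} from the CLI output."""
    dbs, name, prev = {}, None, ""
    for line in (l.strip() for l in text.splitlines()):
        if re.fullmatch(r"-{5,}", line):  # the rule under a name opens a new record
            name, dbs[prev] = prev, {}
        elif name and (m := re.match(r"Version: (\S+)", line)):
            dbs[name]["version"] = m.group(1)
        elif name and (m := re.match(r"Contract Expiry Date: (.+)", line)):
            dbs[name]["expiry"] = datetime.strptime(m.group(1), "%a %b %d %Y")
        elif name and (m := re.match(r"Last Updated using .+ on (.+)", line)):
            dbs[name]["updated"] = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        prev = line
    return dbs

def stale_ot_databases(text, now, max_age_days=30):
    """Map each OT database needing attention to the reasons it was flagged."""
    findings = {}
    for name, db in parse_autoupdate(text).items():
        reasons = []
        if float(db["version"]) == 0:  # assumption: 0.00000 means never downloaded
            reasons.append("never downloaded")
        elif (now - db["updated"]).days > max_age_days:  # threshold is an assumption
            reasons.append(f"last update {db['updated']:%Y-%m-%d}")
        if db["expiry"] < now:
            reasons.append("contract expired")
        if reasons and name.startswith("OT "):
            findings[name] = reasons
    return findings
```

Running `stale_ot_databases()` on output captured after `exec update-now` should return an empty dictionary once all OT databases have been downloaded.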