pachavez
Staff & Editor
Article Id 303234
Description: This article describes how to update the Operational Technology (OT) Security Service database signatures in FortiGate.
Scope: FortiGate v7.4.3.
Solution

For more information regarding the Operational Technology Service entitlement, refer to Operational Technology Security Service Entitlement.

 

If the FortiGate has a valid Operational Technology (OT) Security Service license but the OT database signatures are not updated, follow the steps below.

 

  1. Check the Operational Technology (OT) Security Service license.

 

From GUI:

Navigate to System -> FortiGuard.

 


 

If the Operational Technology (OT) Security Service license is not visible under System -> FortiGuard, enable it under System -> Feature Visibility: in the Additional Features section, enable Operational Technology (OT). Alternatively, enable it from the CLI:

 

config system settings
   set gui-ot enable
end

 

From CLI:

 

get sys fortiguard-service status
NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 7.021 signed 2023-10-27 00:29:00 manual
Virus Definitions 1.000 signed 2018-04-09 19:07:00 manual
Extended set 1.000 signed 2018-04-09 19:07:00 manual
Extreme set 1.000 signed 2018-04-09 19:07:00 manual
AI/Machine Learning Malware Detection Model 0.000 2001-01-01 00:00:00 manual
Flow-based Virus Definitions 1.000 signed 2018-04-09 19:07:00 manual
Attack Definitions 6.741 signed 2015-12-01 02:30:00 manual
Attack Extended Definitions 6.741 signed 2015-12-01 02:30:00 manual
IPS Malicious URL Database 1.001 signed 2015-01-01 01:01:00 manual
IPS/FlowAV Engine 7.524 signed 2023-11-27 18:30:00 manual
Application Definitions 6.741 signed 2015-12-01 02:30:00 manual
FMWP Definitions 0.000 2001-01-01 00:00:00 manual
OT Threat Definitions 6.741 signed 2015-12-01 02:30:00 manual
IoT Detect Definitions 0.000 signed 2022-08-17 18:31:00 manual
OT Detect Definitions 0.000 2001-01-01 00:00:00 manual
OT Patch Definitions 0.000 2001-01-01 00:00:00 manual
Proxy Attack Definitions 6.741 signed 2015-12-01 02:30:00 manual
Proxy Attack Extended Definitions 6.741 signed 2015-12-01 02:30:00 manual
Proxy Application Definitions 6.741 signed 2015-12-01 02:30:00 manual

 

diagnose autoupdate versions | grep OT -A7
OT Threat Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

--
OT Detect Definitions
---------
Version: 0.00000
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed

OT Patch Definitions
---------
Version: 0.00000
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed

 

  2. To update the OT signatures in IPS and application control, include OT signatures by setting 'exclude-signatures' to 'none'. By default, this is set to 'ot':

 

FGT-VM # conf ips global

FGT-VM (global) # set exclude-signatures
none No signatures excluded.
ot Exclude ot signatures.

FGT-VM (global) # set exclude-signatures none

FGT-VM (global) # end

FGT-VM #

 

Before v7.4.1, the OT signatures were included in Industrial Attack Definitions, and the commands were:

 

config ips global

    set exclude-signatures {none | industrial}

end

 

  3. Apply the IPS and Application Control profile to at least one firewall policy to update the database. The definitions are not updated unless IPS and Application Control are applied to a firewall policy. If they are already applied to a firewall policy, proceed to the next step.

  4. For the 'OT device identification definitions' and 'OT vulnerability correlation definitions & virtual patching signatures' versions to be updated, make sure device detection is enabled on at least one interface.



 

  5. Run the commands below to manually update the signatures:

     

diagnose debug reset
diagnose debug application update -1
diagnose debug enable
exec update-now

 

   6. Leave the commands running for 3-5 minutes. Once the update is successful, disable debug:

 

diagnose debug disable

   7. Check the OT entitlements again. The Operational Technology databases are now updated:

 

From GUI:

Navigate to System -> FortiGuard.

 


 

From CLI:

 

[Screenshot: 'get sys fortiguard-service status' output after the update]

[Screenshot: 'diagnose autoupdate versions' output after the update]

 

If the issue persists, open a TAC case for further investigation.
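
To make the check in steps 1 and 7 repeatable across several devices, the Python below (an added example, not Fortinet code and not part of the original article) parses saved 'diagnose autoupdate versions' output and reports OT databases that are still at version 0.00000, have not updated within a chosen window, or have an expired contract. The function names, the 30-day window, and reading 0.00000 as "never downloaded" are assumptions based on the output shown in this article.

```python
import re
from datetime import datetime

# Constructed sample, abridged from the 'diagnose autoupdate versions' output in this article.
SAMPLE = """\
OT Threat Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Tue Dec 1 02:30:00 2015
--
OT Detect Definitions
---------
Version: 0.00000
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Mon Jan 1 00:00:00 2001
"""

def _date(text, fmt):
    return datetime.strptime(text.split(None, 1)[1], fmt)  # drop weekday, parse rest

def parse_versions(output):
    """Return {database name: {'version', 'expiry', 'updated'}}."""
    lines = [l.strip() for l in output.splitlines()]
    dbs, cur = {}, None
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and re.fullmatch(r"-{5,}", lines[i + 1]):
            cur = dbs.setdefault(line, {})  # name sits directly above the dashed rule
        elif cur is None:
            continue
        elif m := re.match(r"Version: (\d+\.\d+)", line):
            cur["version"] = m.group(1)
        elif m := re.match(r"Contract Expiry Date: (.+)", line):
            cur["expiry"] = _date(m.group(1), "%b %d %Y")
        elif m := re.match(r"Last Updated using .+? on (.+)", line):
            cur["updated"] = _date(m.group(1), "%b %d %H:%M:%S %Y")
    return dbs

def audit(output, now, max_age_days=30):
    """List (name, finding) pairs for OT databases that need attention."""
    findings = []
    for name, db in parse_versions(output).items():
        if float(db["version"]) == 0:
            # Assumption: 0.00000 means the database was never downloaded.
            findings.append((name, "never downloaded"))
        elif (now - db["updated"]).days > max_age_days:
            findings.append((name, "stale"))
        if db["expiry"] < now:
            findings.append((name, "contract expired"))
    return findings
```

An empty result from audit() after step 7 means every parsed OT database has a non-zero version, a recent update, and a valid contract.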