FortiGate
pachavez
Staff
Article Id 303234
Description: This article describes how to update the Operational Technology (OT) Security Service database signatures in FortiGate.
Scope: FortiGate v7.4.3.
Solution:

For more information regarding the Operational Technology Service entitlement, refer to the document below:

Operational Technology Security Service Entitlement

 

If the FortiGate has a valid Operational Technology (OT) Security Service license, but the OT database signatures are not updated, follow the steps below.

 

  1. Check the Operational Technology (OT) Security Service license.

 

From GUI:

Navigate to System -> FortiGuard.

 

[Screenshot: FortiGuard page in the GUI]

 

From CLI:

 

get sys fortiguard-service status
NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 7.021 signed 2023-10-27 00:29:00 manual
Virus Definitions 1.000 signed 2018-04-09 19:07:00 manual
Extended set 1.000 signed 2018-04-09 19:07:00 manual
Extreme set 1.000 signed 2018-04-09 19:07:00 manual
AI/Machine Learning Malware Detection Model 0.000 2001-01-01 00:00:00 manual
Flow-based Virus Definitions 1.000 signed 2018-04-09 19:07:00 manual
Attack Definitions 6.741 signed 2015-12-01 02:30:00 manual
Attack Extended Definitions 6.741 signed 2015-12-01 02:30:00 manual
IPS Malicious URL Database 1.001 signed 2015-01-01 01:01:00 manual
IPS/FlowAV Engine 7.524 signed 2023-11-27 18:30:00 manual
Application Definitions 6.741 signed 2015-12-01 02:30:00 manual
FMWP Definitions 0.000 2001-01-01 00:00:00 manual
OT Threat Definitions 6.741 signed 2015-12-01 02:30:00 manual
IoT Detect Definitions 0.000 signed 2022-08-17 18:31:00 manual
OT Detect Definitions 0.000 2001-01-01 00:00:00 manual
OT Patch Definitions 0.000 2001-01-01 00:00:00 manual
Proxy Attack Definitions 6.741 signed 2015-12-01 02:30:00 manual
Proxy Attack Extended Definitions 6.741 signed 2015-12-01 02:30:00 manual
Proxy Application Definitions 6.741 signed 2015-12-01 02:30:00 manual

 

diagnose autoupdate versions | grep OT -A7
OT Threat Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

--
OT Detect Definitions
---------
Version: 0.00000
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed

OT Patch Definitions
---------
Version: 0.00000
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed

 

  2. To update the OT signatures in IPS and application control, include OT signatures by setting 'exclude-signatures' to 'none'. By default, this is set to 'ot':

 

FGT-VM # conf ips global

FGT-VM (global) # set exclude-signatures
none No signatures excluded.
ot Exclude ot signatures.

FGT-VM (global) # set exclude-signatures none

FGT-VM (global) # end

FGT-VM #

 

Before v7.4.1, the OT signatures were included in the Industrial Attack Definitions, and the commands were:

 

config ips global

    set exclude-signatures {none | industrial}

end

 

  3. Apply the IPS/Application Control profile to at least one firewall policy to update the database. If IPS and Application Control are already applied to the firewall policy, proceed to the next step.
  4. Run the commands below to manually update the signatures:

 

dia deb dis
dia deb reset
dia deb app update -1
dia deb enable
exec update-now

 

  5. Leave the commands running for 3-5 minutes. Once the update is successful, disable debug:

 

dia deb dis

 

  6. Check the OT entitlements again. The Operational Technology databases are now updated:

 

From GUI:

Navigate to System -> FortiGuard.

 

[Screenshot: FortiGuard page in the GUI after the update]

 

From CLI:

 

[Screenshot: 'get sys fortiguard-service status' output after the update]

 

[Screenshot: 'diagnose autoupdate versions' output after the update]

 

If the issue persists, open a TAC case for further investigation.
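
To run the final check across saved CLI output instead of reading it by eye, the following added example (not part of the original article or any Fortinet tooling) parses 'diagnose autoupdate versions' text and flags OT databases that have no valid contract, are still at version 0.00000, or have not been refreshed recently. The function names and the 30-day staleness threshold are assumptions; the sample text is constructed from the pre-update output shown in step 1.

```python
import re
from datetime import datetime
# Constructed sample: two entries of the pre-update output shown in step 1.
SAMPLE = """\
OT Threat Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

--
OT Detect Definitions
---------
Version: 0.00000
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed
"""

def parse_versions(text):
    """Map each database name to its version, contract expiry and last update."""
    dbs, name, prev = {}, None, ""
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"-{3,}", line) and prev:   # dashed rule under a name
            name, dbs[prev] = prev, {}
        elif name and (m := re.match(r"Version:\s*([\d.]+)", line)):
            dbs[name]["version"] = float(m.group(1))
        elif name and (m := re.match(r"Contract Expiry Date:\s*(\w+ \w+\s+\d+ \d{4})", line)):
            dbs[name]["expiry"] = datetime.strptime(m.group(1), "%a %b %d %Y")
        elif name and (m := re.match(r"Last Updated using .+? on (\w+ \w+\s+\d.+)", line)):
            dbs[name]["updated"] = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        prev = line
    return dbs

def audit(text, now, max_age_days=30):   # 30 days is an assumed threshold
    """Return {OT database: finding} for entries that still need attention."""
    findings = {}
    ot = {n: d for n, d in parse_versions(text).items() if n.startswith("OT ")}
    for name, db in ot.items():
        if db.get("expiry") is None or db["expiry"] < now:
            findings[name] = "no valid contract"
        elif db.get("version", 0) == 0:
            findings[name] = "never downloaded"
        elif "updated" not in db or (now - db["updated"]).days > max_age_days:
            findings[name] = "stale despite valid contract"
    return findings
```

An empty result from audit() on the post-update output means every OT database has a valid contract, a non-zero version and a recent update time.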
