Description

This article describes the meaning of the on-demand Internet-service-database.

Scope

FortiGate v7.2.4.

Solution

From version v7.2.4, the additional database options for Internet-service-database is available under:

config system global

    set internet-service-database ?

    mini         Small sized Internet Service database with very limited IP addresses.

    standard     Medium sized Internet Service database with most IP addresses.

    full         Full sized Internet Service database with all IP addresses.

    on-demand    Internet Service database with customer selected IP addresses.

Select the on-demand database as below:

set internet-service-database on-demand

end

Before changing the database, the below message will appear:

Warning: Changing Internet Service database update mode will lead to the removal of all downloaded Internet Service files.

Do you want to continue? (y/n) y

Run 'execute update-ffdb-on-demand' to do an explicit download or wait for an automatic schedule update for the configuration of the Internet Service database.

Since no service has been applied to a policy, the IP range and IP address values are blank for the ISDB service.

Before adding the ISDB service in the policy for those specific ISDBs, the data of the IP range and IP address value will appear.

The content of the ISDB entries used in firewall policies persists through reboots.

To update the ISDB automatically or using the command 'execute update-ffdb-on-demand' make sure to verify if 'update-ffdb' enable in Fortiguard settings. By default the setting 'update-ffdb' is enabled.

config system fortiguard
    set update-ffdb enable
end

To check the Internet service database version, use the following command:

diagnose autoupdate versions

Related document:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/b5f5f30a-9b79-11ed-8e6d-fa163e...