Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sjoshi
Staff
Staff

Created on ‎02-10-2023 01:47 AM Edited on ‎08-28-2025 01:02 AM By Moderator

Article Id 245366

Technical Tip: Internet-service-database: On-demand

Description

 

This article describes the meaning of the on-demand Internet-service-database.

 

Scope

 

FortiOS v7.2.4 and above versions.

 

Solution

 

Starting from version v7.2.4, the additional database options for Internet-service-database are available under:

 

config system global

    set internet-service-database ?

    mini         Small sized Internet Service database with very limited IP addresses.

    standard     Medium sized Internet Service database with most IP addresses.

    full         Full sized Internet Service database with all IP addresses.

    on-demand    Internet Service database with customer selected IP addresses.

 

Select the on-demand database as below:

 

    set internet-service-database on-demand

end

 

Before changing the database, the following message will appear:

 

Warning: Changing Internet Service database update mode will lead to the removal of all downloaded Internet Service files.

Do you want to continue? (y/n) y

 

Run 'execute update-ffdb-on-demand' to do an explicit download or wait for an automatic schedule update for the configuration of the Internet Service database.

 

Since no service has been applied to a policy, the IP range and IP address values are blank for the ISDB service.

 

Before adding the ISDB service in the policy for those specific ISDBs, the data of the IP range and IP address value will appear.

 

The content of the ISDB entries used in firewall policies persists through reboots.

 

To update the ISDB automatically or using the command 'execute update-ffdb-on-demand' make sure to verify if 'update-ffdb' enable in FortiGuard settings. By default the setting 'update-ffdb' is enabled.

 

config system fortiguard
    set update-ffdb enable
end

 

To check the Internet service database version, use the following command:

 

diagnose autoupdate versions

 

To verify that the ISDB (FFDB) files are saved on the FortiGate flash drive:

 

diagnose autoupdate versions | grep Internet -A 6
Internet-service On-Demand Database
---------
Version: 7.02950
Contract Expiry Date: n/a
Last Updated using manual update on Fri Jan 6 06:45:00 2023
Last Update Attempt: n/a
Result: Updates Installed

 

To troubleshoot FFDB not updating, check the update debug :

 

To start the debug:

 

diagnose debug reset

diagnose debug app update -1

diagnose debug enable 

execute update-ffdb-on-demand

 

To stop the debug:

 

diagnose debug disable

diagnose debug reset

 

Related document:

Release Notes FortiOS v7.2.4

 

Note: 

Starting from firmware version 7.4.9, the default value for 2 GB or less FortiGate models for internet-service-database is 'on-demand'. There is no need to change it. 

9863
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.