FortiGate
aaouane
Staff
Article Id 193119

Description

 

This article describes how scheduling updates ensures that the virus, IPS definitions, and application control signatures are downloaded to FortiGate regularly.
In some scenarios, FortiGate is not able to receive regularly scheduled Antivirus, IPS, or application control updates; only a manual update works.

FortiGuard updates can be scheduled in the GUI under System -> FortiGuard -> FortiGuard Updates.

 


 

This article describes how to resolve this issue.
 
Scope
 
FortiGate.

Solution

Updating Antivirus, IPS, or application control definitions can cause a brief disruption in traffic that is currently being scanned while FortiGate applies the new signature database.

Updates should be scheduled during off-peak hours when network usage is at a minimum to ensure that network activity will not be affected by downloading the definitions files.

When no policy in the configuration has UTM (AV, IPS, or APP) enabled, regular scheduled updates for Antivirus, IPS definitions, and APP signatures will not work, even if scheduled updates are configured.

Updates only work if there is at least one policy with UTM (Antivirus, IPS, or APP) enabled in the configuration.
Enable Antivirus, IPS, or APP in one of the policies; regular scheduled updates will then start working if they are configured. The current version, last time updated, and last update attempt result can be checked using the command 'diagnose autoupdate versions'.
 
 
Checking version information and the last time updated in the GUI:
 
On the web GUI, the current version and last time updated can be checked under System -> FortiGuard -> Licence Information.
 
To check AV Definitions, check under AntiVirus -> AV Definitions and hover the mouse over the version to see the last updated date.
 

 

To check IPS Definitions, check under Intrusion Prevention -> IPS Definitions and hover the mouse over the version to see the last updated date.
 

 

To check Application Control Signatures, check under Firmware & General Updates -> Application Control Signatures and hover the mouse over the version to see the last updated date.
 

 

 
 
Checking version information and the last time updated in the CLI:
 
The current version, last time updated, and last update attempt result can be checked using the command 'diagnose autoupdate versions'.
 
To check AV Definitions:
 
# diagnose autoupdate versions | grep "Virus Definitions" -A 6
Virus Definitions
---------
Version: 93.00440 signed
Contract Expiry Date: Thu Feb 18 2027
Last Updated using manual update on Wed Jan 22 11:04:59 2025
Last Update Attempt: Wed Jan 22 11:04:59 2025
Result: Updates Installed
--
Flow-based Virus Definitions
---------
Version: 93.00440 signed
Contract Expiry Date: Thu Feb 18 2027
Last Updated using manual update on Wed Jan 22 11:04:59 2025
Last Update Attempt: Wed Jan 22 11:04:59 2025
Result: Updates Installed
 
To check IPS definitions:
 
diagnose autoupdate versions | grep "Attack Definitions" -A 6
Attack Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Thu Feb 18 2027
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

To check Application Control Signatures:

diagnose autoupdate versions | grep "Application Definitions" -A 6
Application Definitions
---------
Version: 29.00938 signed
Contract Expiry Date: Thu Feb 18 2027
Last Updated using manual update on Wed Jan 22 11:04:59 2025
Last Update Attempt: Wed Jan 22 11:04:59 2025
Result: Updates Installed
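
The CLI checks above can be automated when the output is collected from several units. The following Python sketch is an added example, not Fortinet code: it parses 'diagnose autoupdate versions' output in the format shown above and flags definition sets that are stale, were last updated manually, or show no update attempt. The sample text is constructed from the output in this article; the function names, the tag names and the 7-day threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format shown in this article (grep -A 6 output).
SAMPLE = """\
Virus Definitions
---------
Version: 93.00440 signed
Contract Expiry Date: Thu Feb 18 2027
Last Updated using manual update on Wed Jan 22 11:04:59 2025
Last Update Attempt: Wed Jan 22 11:04:59 2025
Result: Updates Installed
--
Attack Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Thu Feb 18 2027
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed
"""

UPDATED = re.compile(r"Last Updated using (.+?) on (.+)")

def parse_versions(text):
    """Return {section title: {field: value}} from the CLI output."""
    sections, current, prev = {}, None, ""
    for line in (l.strip() for l in text.splitlines()):
        if prev and len(line) > 2 and set(line) == {"-"}:
            current = sections.setdefault(prev, {})  # underline: prev line is the title
        elif current is not None and (m := UPDATED.match(line)):
            current["method"] = m.group(1)
            current["updated"] = datetime.strptime(m.group(2), "%a %b %d %H:%M:%S %Y")
        elif current is not None and ":" in line:
            key, _, val = line.partition(":")
            current[key.strip()] = val.strip()
        prev = line  # the grep "--" separator is too short to count as an underline
    return sections

def findings(text, now, max_age_days=7):
    """Flag sections that are stale, manually updated, or never attempted."""
    out = []
    for name, f in parse_versions(text).items():
        if "updated" in f and now - f["updated"] > timedelta(days=max_age_days):
            out.append((name, "stale"))          # assumed threshold, tune per site
        if f.get("method") == "manual update":
            out.append((name, "manual"))         # matches the symptom described above
        if f.get("Last Update Attempt") == "n/a":
            out.append((name, "no-attempt"))
    return out
```

Calling findings(SAMPLE, datetime.now()) on saved CLI output returns (section, tag) pairs that can feed a monitoring check.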

Note:

 

  • Check that the FortiGate has a valid contract.
  • Antivirus/IPS are updated using port 443 while Web filtering/anti-spam are contacted using either port 53 or port 8888. 
  • Ensure that nothing is blocking traffic from the FortiGate on these ports.
 