| Description | This article describes how to upgrade the Antivirus Engine in a HA cluster. |
| Scope | FortiGate, Fortiproxy |
| Solution |
From CLI: Run this command to check the current version of the engine:
FGT_1#diagnose autoupdate versions | grep AV -A2 AV Engine --------- Version: 6.00164 --
From the GUI: go to System -> Fortiguard -> AV Definitions.
FGT_1 # get sys status | grep HA Current HA mode: a-p, primary From the CLI we can move to the secondary firewall via: exec ha manage 0 [username] FGT_2# get sys status | grep HA Current HA mode: a-p, secondary FGT_2#diagnose autoupdate versions | grep AV -A2 AV Engine --------- Version: 6.00164 --
Here both units in the cluster are on 6.00164.
2) Upgrading the AntiVirus engine on the primary FortiGate. Go to System -> FortiGuard -> Antivirus -> Upgrade Database -> Select file -> Upload the AV Engine and select 'OK'.
In this example, an upgrade is performed from version 164 to 169:
Once 'OK' is selected:
3) After the Antivirus engine is upgraded, it is possible to check the status of the Antivirus engine on both the firewalls in the cluster:
FGT_1#diagnose autoupdate versions | grep AV -A2 AV Engine --------- Version: 6.00169 --
Ideally upgrading the Active firewall with the Antivirus engine database should push it to the secondary as well, it is possible to check it from GUI or CLI:
FGT_1 # exec ha manage 0 [username] FGT_2 #diagnose autoupdate versions | grep AV -A2 AV Engine --------- Version: 6.00169 --
Related articles: Technical Tip: How to manually update the Virus Definition database or AntiVirus Engine Technical Tip: Upgrading IPS Engine on the primary FortiGate will also upgrade the backup FortiGate |
