| Description | This article describes how to upgrade the Antivirus Engine in an HA cluster. |
| Scope | FortiGate, FortiProxy |
| Solution |
From CLI: Run this command to check the current version of the engine:
FGT_1#diagnose autoupdate versions | grep AV -A2 AV Engine --------- Version: 6.00164 --
From the GUI: go to System -> FortiGuard -> AV Definitions.
FGT_1 # get sys status | grep HA Current HA mode: a-p, primary From the CLI we can move to the secondary firewall via: exec ha manage 0 [username] FGT_2# get sys status | grep HA Current HA mode: a-p, secondary FGT_2#diagnose autoupdate versions | grep AV -A2 AV Engine --------- Version: 6.00164 --
Here, both units in the cluster are on 6.00164.
Go to System -> FortiGuard -> Antivirus -> Upgrade Database -> Select file -> Upload the AV Engine and select 'OK'.
In this example, an upgrade is performed from version 164 to 169:
Once 'OK' is selected:
FGT_1#diagnose autoupdate versions | grep AV -A2 AV Engine --------- Version: 6.00169 --
Ideally, upgrading the Active firewall with the Antivirus engine database should push it to the secondary as well. It is possible to check it from the GUI or the CLI:
FGT_1 # execute ha manage 0 [username] FGT_2 #diagnose autoupdate versions | grep AV -A2 AV Engine --------- Version: 6.00169 -- Note: In the case of the FGSP cluster, it is necessary to upload the antivirus engine to every FGSP peer.
Related articles: Technical Tip: How to manually update the Virus Definition database or AntiVirus Engine Technical Tip: Upgrading IPS Engine on the primary FortiGate will also upgrade the backup FortiGate |
