FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
amahdi
Staff
Staff
Article Id 323116
Description This article highlights common FortiGuard database objects and their corresponding acronyms and how to validate their signature.
Scope FortiGate.
Solution
  • SBCL - Sandbox Cloud.                                                
  • SBCL - Sandbox Cloud.
  • AVDB - Advanced Malware Protection
  • DLDB - DLP Signature
  • MUDB - Malicious URL DB
  • ETDB - IPS Extended DB
  • EXDB - AV Extreme DB
  • FLDB - Flow Based VirusDB
  • MMDB - Mobile Malware DB
  • AVAI - AI/Machine Learning Malware DB
  • APDB - Application DB
  • MADB - MAC Address DB
  • AFDB - Antiphish DB
  • DBDB - Botnet Domain DB
  • FFDB/ISDB - Internet Service DB
  • MCDB - Malicious Certificate DataBase
  • UWDB - URL Whitelist DB
  • ICDB – Inline CASB DB
  • CIDB - Device and OS Identification DB
  • AFAC - FortiAnalyzer Cloud
  • FCSS - FortiConverter Service
  • FMGC – FortiManager Cloud
  • FMWP - Firmware Virtual Patch
  • FMWR - Firmware & General Updates
  • FURL - FortiGuard URL, DNS & Video Filtering Service
  • IOTH/IOTD - IoT Detection
  • PBDS - FortiGuard IOC
  • SOAR - FortiAnalyzer Security Automation
  • SOCA - SOCaaS
  • SPAM - AntiSpam
  • ZHVO - FortiGuard Virus Outbreak Protection Service
  • NIDS - FortiGuard IPS Service
  • SFAS - Security Rating Data Package

 

Below is an example output of the command which can be used to validate the signature of FortiGuard database objects.

diagnose autoupdate signature check-all

aven(7,33) signature is valid.
virdb(2,2) signature is valid.
etdb(2,7) signature is valid.
exdb(2,4) signature is valid.
avai(2,19) signature is valid.
fcni(9,0) signature N/A.
contract(10,0) signature N/A.
idsen(30,80) signature is valid.
fldb(34,2) signature is valid.
idsdb(4,24) signature is valid.
idsetdb(4,26) signature is valid.
idsurldb(5,1) signature is valid.
appdb(38,1) signature is valid.
fmwpdb(54,1) signature is valid.
isdb(39,1) signature is valid.
iot_detec(40,1) signature is valid.
geoip(28,0) signature N/A.
ffdb_mini(31,21) signature is valid.
ffdb_std(31,19) signature is valid.
ffdb_full(31,20) signature is valid.
uwdb(32,1) signature N/A.
certdb(33,0) signature N/A.
mmdb(35,1) signature is valid.
dnsbot(36,1) signature is valid.
sfas(41,0) signature N/A.
mcdb(43,1) signature N/A.
alci(48,0) signature N/A.
anphipats(50,1) signature N/A.
incasb(51,1) signature is valid.
update objects signature check finished.

 

Note:

  • Only signed and validated packages will be accepted during automatic updates.
  • In case of manual package updates, signed and validated packages will be accepted.
  • In case a package is not signed, the following would apply:
  1. Level-0: accept the new package even if it is unsigned.
  2. Level-1: display a warning and request a user confirmation to accept.
  3. Level-2: display an error and reject the image.
  • Security levels are pre-configured on the BIOS.
  • To verify the BIOS security level:

 

get system status
Version: FortiGate-VM64-KVM v7.2.8,build1639,240313 (GA.M)
Security Level: 1
Firmware Signature: certified

Contributors