FortiGate
amahdi
Staff
Article Id 323116
Description This article lists common FortiGuard database objects with their corresponding acronyms and shows how to validate their signatures.
Scope FortiGate.
Solution
  • SBCL - Sandbox Cloud.
  • AVDB - Advanced Malware Protection.
  • DLDB - DLP Signature.
  • MUDB - Malicious URL DB.
  • ETDB - IPS Extended DB.
  • EXDB - AV Extreme DB.
  • FLDB - Flow Based VirusDB.
  • MMDB - Mobile Malware DB.
  • AVAI - AI/Machine Learning Malware DB.
  • APDB - Application DB.
  • MADB - MAC Address DB.
  • AFDB - Antiphish DB.
  • DBDB - Botnet Domain DB.
  • FFDB/ISDB - Internet Service DB.
  • MCDB - Malicious Certificate Database.
  • UWDB - URL Whitelist DB.
  • ICDB - Inline CASB DB.
  • CIDB - Device and OS Identification DB.
  • AFAC - FortiAnalyzer Cloud.
  • FCSS - FortiConverter Service.
  • FMGC - FortiManager Cloud.
  • FMWP - Firmware Virtual Patch.
  • FMWR - Firmware & General Updates.
  • FURL - FortiGuard URL, DNS & Video Filtering Service.
  • IOTH/IOTD - IoT Detection.
  • PBDS - FortiGuard IOC.
  • SOAR - FortiAnalyzer Security Automation.
  • SOCA - SOCaaS.
  • SPAM - AntiSpam.
  • ZHVO - FortiGuard Virus Outbreak Protection Service.
  • NIDS - FortiGuard IPS Service.
  • SFAS - Security Rating Data Package.

 

The following command validates the signatures of FortiGuard database objects. Example output is shown below it.

diagnose autoupdate signature check-all

aven(7,33) signature is valid.
virdb(2,2) signature is valid.
etdb(2,7) signature is valid.
exdb(2,4) signature is valid.
avai(2,19) signature is valid.
fcni(9,0) signature N/A.
contract(10,0) signature N/A.
idsen(30,80) signature is valid.
fldb(34,2) signature is valid.
idsdb(4,24) signature is valid.
idsetdb(4,26) signature is valid.
idsurldb(5,1) signature is valid.
appdb(38,1) signature is valid.
fmwpdb(54,1) signature is valid.
isdb(39,1) signature is valid.
iot_detec(40,1) signature is valid.
geoip(28,0) signature N/A.
ffdb_mini(31,21) signature is valid.
ffdb_std(31,19) signature is valid.
ffdb_full(31,20) signature is valid.
uwdb(32,1) signature N/A.
certdb(33,0) signature N/A.
mmdb(35,1) signature is valid.
dnsbot(36,1) signature is valid.
sfas(41,0) signature N/A.
mcdb(43,1) signature N/A.
alci(48,0) signature N/A.
anphipats(50,1) signature N/A.
incasb(51,1) signature is valid.
update objects signature check finished.

 

Note:

  • Starting from v7.2.0, AV and IPS packages are digitally signed by Fortinet's CA to ensure authenticity and integrity.
  • Only signed and validated packages will be accepted during automatic updates.
  • In case of manual package updates, signed and validated packages will be accepted.
  • If a package is not signed, the following applies, depending on the security level:
      1. Level-0: accept the new package even if it is unsigned.
      2. Level-1: display a warning and request a user confirmation to accept.
      3. Level-2: display an error and reject the image.
  • Security levels are pre-configured on the BIOS.
  • To verify the BIOS security level:

 

get system status
Version: FortiGate-VM64-KVM v7.2.8,build1639,240313 (GA.M)
Security Level: 1
Firmware Signature: certified
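
When these checks are collected from several units, the two outputs above can be parsed by script. The Python below is an added example, not part of the original article or any Fortinet tooling: it sorts each object into valid, N/A or other, flags a run that lacks the final "finished" line, and reads the security level from get system status. The function names and the "is invalid" sample line are assumptions; the article does not show what a failed check prints.

```python
import re

# Line shape taken from the article's sample: name(id,sub) signature <status>.
OBJ_RE = re.compile(r"^(\w+)\((\d+),(\d+)\) signature (.+?)\.$")
TRAILER = "update objects signature check finished."
# Handling of an unsigned package per BIOS security level, from the article's note.
UNSIGNED_POLICY = {0: "accept", 1: "warn and ask for confirmation", 2: "reject"}

# Constructed sample: lines in the article's format plus one made-up status
# ("is invalid") to exercise the review path; the article shows no failed check.
SAMPLE = """diagnose autoupdate signature check-all
aven(7,33) signature is valid.
geoip(28,0) signature N/A.
exdb(2,4) signature is invalid.
update objects signature check finished.
"""
STATUS = """Version: FortiGate-VM64-KVM v7.2.8,build1639,240313 (GA.M)
Security Level: 1
Firmware Signature: certified
"""


def parse_check_all(text):
    """Sort objects into valid / N/A / other and record whether the run finished."""
    report = {"valid": [], "na": [], "other": [], "finished": False}
    for line in map(str.strip, text.splitlines()):
        if line == TRAILER:
            report["finished"] = True
        elif (m := OBJ_RE.match(line)):
            name, obj_id, sub, status = m.groups()
            bucket = {"is valid": "valid", "N/A": "na"}.get(status, "other")
            report[bucket].append((name, int(obj_id), int(sub), status))
    return report


def needs_attention(report):
    """True when the run is incomplete or any status is neither valid nor N/A."""
    return not report["finished"] or bool(report["other"])


def parse_status(text):
    """Return (security level, firmware signature, unsigned-package handling)."""
    pairs = (line.partition(":") for line in text.splitlines())
    fields = {key.strip(): value.strip() for key, _, value in pairs}
    level = fields.get("Security Level", "")
    level = int(level) if level.isdigit() else None
    return level, fields.get("Firmware Signature"), UNSIGNED_POLICY.get(level, "unknown")
```

Objects reported as N/A are kept in their own bucket rather than treated as failures, since the article's own sample output lists several of them.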