Description
This article describes about steps taken to verify and troubleshoot the FortiGuard updates status and Versions.
There are certain CLI commands that allows users to view the current FortiGuard status from the FortiGate.
It is necessary to register the FortiGate before it can show the FortiGuard licenses.
These commands also allow the user to check whether the FortiGate is running the latest packages from FortiGuard.
NOTE: An AV or IPS profile MUST be assigned to any policy, as otherwise the packages will not be updated at all!
Scope
FortiGate all versions.
Solution
To view licenses on GUI, go to the Dashboard and find the Licenses widget.
The FortiGuard licenses are listed, with their status indicated.
The widget only displays licenses for features that needs to be enabled in feature visibility.
To enable more features, go to System -> Feature Visibility.
FortiGuard license information can also be viewed by going to System -> FortiGuard.
FortiGuard license information can also be viewed by going to System -> FortiGuard.
To check the auto-update status and FortiGuard Distribution Servers (FDS) settings, run the following command from CLI:
FGT # diagnose autoupdate statusThis is explained in the following table.
FDN availability: available at Sun Apr 25 08:01:15 2021
Scheduled update: enable
Virus definitions update: enable
IPS definitions update: enable
Web proxy tunneling: disable
| Field name |
Description |
| FDN availability | Specify availability status and last access time (access time corresponds to the scheduled update settings). Possible values are: available/unavailable. |
| Scheduled update | Specify whether scheduled update is enabled or disabled. Possible values are: enable/disable. |
| Virus definitions update | Specify whether the virus definitions update is enabled or disabled. Possible values are: enable/disable. |
| IPS definitions updates | Specify whether the IPS definitions update is enabled or disabled. Possible values are: enable/disable. |
| Web proxy tunneling | Specify whether FortiGate device is using a proxy to retrieve AV and IPS definitions updates. Possible values are: enable/disable. If enabled, additional lines are displayed showing the proxy settings. |
Use the following sub command to modify the way the FortiGate interacts with FDS and to parameter FDS communication:
FGT # config system autoupdateUse the following command to check the actual versions of packages (databases and engines) currently running on the FortiGate:
schedule <----- Configure update schedule.
tunneling <----- Configure web proxy tunnelling for the FDN.
FGT # diagnose autoupdate versionsManually Updating an AV/IPS package.
AV Engine
---------
Version: 6.00258
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Tue Mar 16 23:38:00 2021
Last Update Attempt: n/a
Result: Updates Installed
Virus Definitions
---------
Version: 85.00708
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sun Apr 25 07:21:32 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
Extended set
---------
Version: 85.00708
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sun Apr 25 07:21:32 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
Mobile Malware Definitions
---------
Version: 85.00709
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sun Apr 25 07:41:13 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
IPS Attack Engine
---------
Version: 7.00018
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Fri Mar 26 19:17:00 2021
Last Update Attempt: n/a
Result: Updates Installed
IPS Config Script
---------
Version: 1.00009
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Thu Jun 6 14:02:00 2019
Last Update Attempt: n/a
Result: Updates Installed
Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed
Attack Extended Definitions
---------
Version: 0.00000
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed
Application Definitions
---------
Version: 6.00741
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed
Industrial Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed
IPS Malicious URL Database
---------
Version: 2.00990
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sun Apr 25 05:02:50 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
Flow-based Virus Definitions
---------
Version: 1.00123
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Tue Jul 21 14:19:00 2015
Last Update Attempt: n/a
Result: Updates Installed
Botnet Domain Database
---------
Version: 2.00735
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Fri Apr 23 15:01:49 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
Internet-service Database
---------
Version: 7.01488
Contract Expiry Date: n/a
Last Updated using scheduled update on Sat Apr 24 00:22:10 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
Device and OS Identification
---------
Version: 1.00116
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Tue Apr 20 17:48:10 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
URL Allow list
---------
Version: 3.00118
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sat Apr 24 11:22:09 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
IP Geography DB
---------
Version: 3.00075
Contract Expiry Date: n/a
Last Updated using scheduled update on Fri Apr 23 10:45:51 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
Certificate Bundle
---------
Version: 1.00022
Contract Expiry Date: n/a
Last Updated using manual update on Mon Mar 29 17:30:00 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
Malicious Certificate DB
---------
Version: 1.00317
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Mon Apr 19 14:07:32 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
Mac Address Database
---------
Version: 1.00058
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Tue Apr 20 09:23:30 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
AntiPhish Pattern DB
---------
Version: 1.00004
Contract Expiry Date: n/a
Last Updated using manual update on Tue Feb 23 14:01:00 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
AI/Machine Learning Malware Detection Model
---------
Version: 2.00269
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sun Apr 25 08:01:15 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: Updates Installed
Modem List
---------
Version: 0.000
FDS Address
---------
173.243.140.6:443
The above output shows:
AV EngineCheck on Fortinet Support Portal for the latest package version.
---------
Version: 6.00258 <----- This is for example the AV Database version loaded on the FortiGate.
Contract Expiry Date: Fri Jan 21 2022
If needed, trigger an update for either AV or IPS databases. This can be performed both on:
System -> Maintenance -> FortiGuard -> AV and IPS and 'Update Now' option, this checks for both the latest AV and IPS packages on the FDS server.
Or from the CLI with the following options:
FGT # execute updateBasic Troubleshooting of AV/IPS updates.
update-av <----- Update AV engine/definitions.
update-external-resource <----- Download external resource.
update-geo-ip <----- Update IP Geography DB.
update-ips <----- Update IPS engine/definitions.
update-list <----- Download update server list.
update-now <----- Update now.
update-sata-firmware <----- Update SATA firmware.
update-src-vis <----- Update src-vis object.
If there are any issues, collect the following output and send it to Fortinet TAC Support:
FGT# diag autoupdate versionsRun the debugs for 2-3 minutes and then stop by;
FGT# diag autoupdate status
FGT# diag debug rating
FGT# diag debug enable
FGT# diag debug application update 255
FGT# execute update-now
FGT# diag debug disableRelated document.
FGT# diag debug reset
Related KB Articles
Troubleshooting Tool: Using the FortiOS built-in packet sniffer
Troubleshooting Tip : How to use the FortiGate sniffer and debug flow in presence of NP2 ports
Troubleshooting Tip: Packet capture (CLI sniffer) tips and best practices
