alif
Staff
Article Id 194931

Description


This article describes the steps to verify and troubleshoot FortiGuard update status and package versions.

Certain CLI commands allow users to view the current FortiGuard status from the FortiGate.

It is necessary to register the FortiGate before it can show the FortiGuard licenses.

These commands also allow the user to check whether the FortiGate is running the latest packages from FortiGuard.

 

NOTE: An AV or IPS profile MUST be assigned to at least one policy; otherwise the packages will not be updated at all.

 

Scope

 

FortiGate all versions.


Solution


To view licenses in the GUI, go to the Dashboard and find the Licenses widget.
The FortiGuard licenses are listed, with their status indicated.

 
The widget only displays licenses for features that are enabled in Feature Visibility.
To enable more features, go to System -> Feature Visibility.

FortiGuard license information can also be viewed by going to System -> FortiGuard.
 
 
To check the auto-update status and FortiGuard Distribution Servers (FDS) settings, run the following command from the CLI:

FGT # diagnose autoupdate status
FDN availability:  available at Sun Apr 25 08:01:15 2021

Scheduled update: enable
Virus definitions update: enable
IPS definitions update: enable
Web proxy tunneling: disable

The fields are explained in the following table.

Field name | Description
FDN availability | Specifies the availability status and last access time (access time corresponds to the scheduled update settings). Possible values are: available/unavailable.
Scheduled update | Specifies whether scheduled update is enabled or disabled. Possible values are: enable/disable.
Virus definitions update | Specifies whether the virus definitions update is enabled or disabled. Possible values are: enable/disable.
IPS definitions update | Specifies whether the IPS definitions update is enabled or disabled. Possible values are: enable/disable.
Web proxy tunneling | Specifies whether the FortiGate device is using a proxy to retrieve AV and IPS definitions updates. Possible values are: enable/disable. If enabled, additional lines are displayed showing the proxy settings.
 
Use the subcommands of the following command to change how the FortiGate interacts with FDS and to set the FDS communication parameters:

FGT # config system autoupdate
schedule     <----- Configure update schedule.
tunneling    <----- Configure web proxy tunnelling for the FDN.

Use the following command to check the actual versions of packages (databases and engines) currently running on the FortiGate:

FGT # diagnose autoupdate versions

AV Engine
---------
Version: 6.00258
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Tue Mar 16 23:38:00 2021
Last Update Attempt: n/a
Result: Updates Installed

Virus Definitions
---------
Version: 85.00708
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sun Apr 25 07:21:32 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

Extended set
---------
Version: 85.00708
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sun Apr 25 07:21:32 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

Mobile Malware Definitions
---------
Version: 85.00709
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sun Apr 25 07:41:13 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

IPS Attack Engine
---------
Version: 7.00018
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Fri Mar 26 19:17:00 2021
Last Update Attempt: n/a
Result: Updates Installed

IPS Config Script
---------
Version: 1.00009
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Thu Jun  6 14:02:00 2019
Last Update Attempt: n/a
Result: Updates Installed

Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Tue Dec  1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

Attack Extended Definitions
---------
Version: 0.00000
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Mon Jan  1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed

Application Definitions
---------
Version: 6.00741
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Tue Dec  1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

Industrial Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Tue Dec  1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

IPS Malicious URL Database
---------
Version: 2.00990
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sun Apr 25 05:02:50 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

Flow-based Virus Definitions
---------
Version: 1.00123
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Tue Jul 21 14:19:00 2015
Last Update Attempt: n/a
Result: Updates Installed

Botnet Domain Database
---------
Version: 2.00735
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Fri Apr 23 15:01:49 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

Internet-service Database
---------
Version: 7.01488
Contract Expiry Date: n/a
Last Updated using scheduled update on Sat Apr 24 00:22:10 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

Device and OS Identification
---------
Version: 1.00116
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Tue Apr 20 17:48:10 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

URL Allow list
---------
Version: 3.00118
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sat Apr 24 11:22:09 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

IP Geography DB
---------
Version: 3.00075
Contract Expiry Date: n/a
Last Updated using scheduled update on Fri Apr 23 10:45:51 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

Certificate Bundle
---------
Version: 1.00022
Contract Expiry Date: n/a
Last Updated using manual update on Mon Mar 29 17:30:00 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

Malicious Certificate DB
---------
Version: 1.00317
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Mon Apr 19 14:07:32 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

Mac Address Database
---------
Version: 1.00058
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Tue Apr 20 09:23:30 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

AntiPhish Pattern DB
---------
Version: 1.00004
Contract Expiry Date: n/a
Last Updated using manual update on Tue Feb 23 14:01:00 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates

AI/Machine Learning Malware Detection Model
---------
Version: 2.00269
Contract Expiry Date: Fri Jan 21 2022
Last Updated using scheduled update on Sun Apr 25 08:01:15 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: Updates Installed

Modem List
---------
Version: 0.000

FDS Address
---------
173.243.140.6:443

Manually Updating an AV/IPS package.

The above output shows:

AV Engine
---------
Version: 6.00258            <----- This is for example the AV Database version loaded on the FortiGate.
Contract Expiry Date: Fri Jan 21 2022

Check the Fortinet Support Portal for the latest package version.
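
One way to automate the version check described above, as an added example that is not part of the original article: a Python parser for the 'diagnose autoupdate versions' output that flags packages not updated within a time window or whose contract has lapsed. The function names and the 7-day max_age_days threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Two packages excerpted from the `diagnose autoupdate versions` output above.
SAMPLE = """\
Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Fri Jan 21 2022
Last Updated using manual update on Tue Dec  1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

IP Geography DB
---------
Version: 3.00075
Contract Expiry Date: n/a
Last Updated using scheduled update on Fri Apr 23 10:45:51 2021
Last Update Attempt: Sun Apr 25 08:01:15 2021
Result: No Updates
"""
UPDATED = re.compile(r"Last Updated using (\w+) update on (.+)")

def parse_versions(output):
    """Return {package: fields}; a package name is the line above a dashed rule."""
    pkgs, cur, lines = {}, None, output.splitlines()
    for i, line in enumerate(lines):
        m = UPDATED.match(line)
        if i and set(line.strip()) == {"-"}:
            cur = pkgs.setdefault(lines[i - 1].strip(), {})
        elif cur is not None and m:
            cur["method"] = m.group(1)
            cur["updated"] = datetime.strptime(m.group(2).strip(), "%a %b %d %H:%M:%S %Y")
        elif cur is not None and ": " in line:
            key, val = line.split(": ", 1)
            cur[key] = val.strip()
    return pkgs

def findings(pkgs, now, max_age_days=7):
    """List (package, issue) pairs as of `now`; max_age_days is an assumed threshold."""
    out = []
    for name, f in pkgs.items():
        if "updated" in f and now - f["updated"] > timedelta(days=max_age_days):
            out.append((name, f"last updated {f['updated']:%Y-%m-%d} ({f['method']})"))
        expiry = f.get("Contract Expiry Date", "n/a")
        if expiry != "n/a" and datetime.strptime(expiry, "%a %b %d %Y") < now:
            out.append((name, f"contract expired {expiry}"))
    return out
```

In the output above the engine entries change less often than the definition databases, so tune the threshold per package rather than applying one value to every entry.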

If needed, trigger an update of the AV or IPS databases. This can be done from the GUI:

System -> Maintenance -> FortiGuard -> AV and IPS, using the 'Update Now' option, which checks for the latest AV and IPS packages on the FDS server.

Or from the CLI with the following options:
FGT # execute update
update-av                   <----- Update AV engine/definitions.
update-external-resource    <----- Download external resource.
update-geo-ip               <----- Update IP Geography DB.
update-ips                  <----- Update IPS engine/definitions.
update-list                 <----- Download update server list.
update-now                  <----- Update now.
update-sata-firmware        <----- Update SATA firmware.
update-src-vis              <----- Update src-vis object.

Basic Troubleshooting of AV/IPS updates.

If there are any issues, collect the following output and send it to Fortinet TAC Support:
FGT# diag autoupdate versions
FGT# diag autoupdate status

FGT# diag debug rating
FGT# diag debug enable
FGT# diag debug application update 255
FGT# execute update-now
Run the debugs for 2-3 minutes, then stop them with:
FGT# diag debug disable
FGT# diag debug reset