FortiGate
Kush_Patel
Staff
Article Id 246617
Description

This article describes how to handle the following alert email or log message that may be observed on FortiGate:


Message meets Alert condition
The following critical firewall event was detected: FortiGate update failed.
date=2023-01-28 time=10:45:18 devname=fgt-101 devid=FG200ETKxxxxxxxx eventtime=1674924318015840062 tz="-0600" logid="0100041001" type="event" subtype="system" level="critical" vd="root" logdesc="FortiGate update failed" status="update" msg="Fortigate scheduled update failed"


In the output of the command 'diagnose autoupdate versions', 'Connectivity failure' is shown as the Result for 'Attack Definitions':


Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Wed Jul 26 2023
Last Updated using manual update on Tue Dec  1 02:30:00 2015
Last Update Attempt: Thu Aug 27 11:52:52 2020
Result: Connectivity failure


Even after manually updating FortiGate with the command 'execute update-now', the same result persists under 'Attack Definitions'.

Scope

FortiGate.
Solution

These 'Attack Definitions' refer to the IPS database, whose configuration can be verified with the following command:


show full-configuration ips global

config ips global
    set fail-open disable
    set database extended
    set traffic-submit disable
    set anomaly-mode continuous
    set session-limit-mode heuristic
    set socket-size 256
    set engine-count 0
    set sync-session-ttl enable
    set np-accel-mode basic
    set ips-reserve-cpu disable
    set cp-accel-mode advanced
    set deep-app-insp-timeout 0
    set deep-app-insp-db-limit 0
    set exclude-signatures ot
    set packet-log-queue-depth 128
    set ngfw-max-scan-range 4096
    set av-mem-limit 0
    config tls-active-probe
        set interface-select-method auto
    end
end


The default values may differ between device models (see the CLI Reference for the model in use).

FortiOS only requests update packages for the configured IPS database set; the two databases are never updated together.

If the IPS database is set to 'regular', FortiGate updates only 'Attack Definitions', not 'Attack Extended Definitions'. If it is set to 'extended', FortiGate updates only 'Attack Extended Definitions', not 'Attack Definitions'.

With the database set to 'extended', as in the configuration above, the 'Attack Definitions' entry is never refreshed, so its 'Result' keeps showing the outcome of the last attempt made while that database was in use.

To have 'Attack Definitions' updated instead, switch the IPS database to 'regular':

config ips global
    set database regular
end


Afterwards, update FortiGate manually with the command 'execute update-now'. Then verify that the attempt succeeded with the command 'diagnose autoupdate versions': the output should show that the 'Attack Definitions' were updated.


Attack Definitions
---------
Version: 22.00491
Contract Expiry Date: Wed Jul 26 2023
Last Updated using manual update on Wed Feb  8 10:34:41 2023
Last Update Attempt: Wed Feb  8 10:34:41 2023
Result: Updates Installed


Note: An IPS security profile must be applied to a firewall policy before updating manually (with 'execute update-now'); otherwise the IPS package is not requested.
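As an added example (not Fortinet's code and not part of the original article), the following Python script parses the alert log line and the 'diagnose autoupdate versions' output quoted above, reads the configured database from 'show full-configuration ips global', and reports whether the failure sits on the IPS package FortiOS actually updates. That is the check to make before treating the alert as a real connectivity problem. All sample inputs are constructed from the excerpts in this article; the layout of the 'Attack Extended Definitions' block and the function names are assumptions.

```python
import re
import shlex

# Constructed sample of the alert log line quoted in the article (device id is a placeholder).
SAMPLE_LOG = (
    'date=2023-01-28 time=10:45:18 devname=fgt-101 devid=FG200ETKxxxxxxxx '
    'eventtime=1674924318015840062 tz="-0600" logid="0100041001" type="event" '
    'subtype="system" level="critical" vd="root" logdesc="FortiGate update failed" '
    'status="update" msg="Fortigate scheduled update failed"'
)

# Constructed excerpt of 'show full-configuration ips global' (only the relevant line).
SAMPLE_IPS_GLOBAL = """\
config ips global
    set database extended
end
"""

# Constructed excerpt of 'diagnose autoupdate versions'. The 'Attack Extended Definitions'
# block is assumed to use the same layout as the 'Attack Definitions' block in the article.
SAMPLE_VERSIONS = """\
Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Wed Jul 26 2023
Last Updated using manual update on Tue Dec  1 02:30:00 2015
Last Update Attempt: Thu Aug 27 11:52:52 2020
Result: Connectivity failure

Attack Extended Definitions
---------
Version: 22.00491
Contract Expiry Date: Wed Jul 26 2023
Last Updated using scheduled update on Wed Feb  8 10:34:41 2023
Last Update Attempt: Wed Feb  8 10:34:41 2023
Result: Updates Installed
"""

UPDATE_FAILED_LOGID = "0100041001"   # logid of "FortiGate update failed" (from the article)
REGULAR_PKG = "Attack Definitions"
EXTENDED_PKG = "Attack Extended Definitions"


def parse_fortios_log(line):
    """Split a FortiOS key=value log line into a dict; quoted values may contain spaces."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def is_update_failed_event(line):
    """True when the line is the 'FortiGate update failed' system event."""
    fields = parse_fortios_log(line)
    return fields.get("type") == "event" and fields.get("logid") == UPDATE_FAILED_LOGID


def ips_database_from_config(config_text):
    """Read the 'set database' value out of 'show full-configuration ips global' output."""
    match = re.search(r"^\s*set database (\w+)\s*$", config_text, re.MULTILINE)
    return match.group(1) if match else None


def parse_autoupdate_versions(text):
    """Parse 'diagnose autoupdate versions' output into {package: {field: value}}."""
    packages, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---"):
            continue
        updated = re.match(r"Last Updated using (\S+) update on (.+)$", line)
        if updated and current is not None:
            packages[current]["Update Method"] = updated.group(1)
            packages[current]["Last Updated"] = updated.group(2)
            continue
        key, sep, value = line.partition(": ")
        if not sep:                      # not 'Field: value' -> a package heading
            current = line
            packages[current] = {}
        elif current is not None:
            packages[current][key] = value
    return packages


def active_ips_package(ips_database):
    """FortiOS requests only the package that matches 'set database'."""
    return EXTENDED_PKG if ips_database == "extended" else REGULAR_PKG


def check_ips_update(ips_database, versions_text):
    """Return (package, result, healthy) for the package FortiOS actually updates.

    A 'Connectivity failure' left on the package the configured database does not
    use is stale and expected; a failure on the active package is the real alert.
    """
    packages = parse_autoupdate_versions(versions_text)
    name = active_ips_package(ips_database)
    result = packages.get(name, {}).get("Result", "unknown")
    return name, result, result == "Updates Installed"


if __name__ == "__main__":
    db = ips_database_from_config(SAMPLE_IPS_GLOBAL)
    print("update-failed event:", is_update_failed_event(SAMPLE_LOG), "| database:", db)
    print("active package status:", check_ips_update(db, SAMPLE_VERSIONS))
```

Run against the constructed samples, the script confirms the log line is the update-failed event, finds the database set to 'extended', and reports 'Attack Extended Definitions' as 'Updates Installed', so the 'Connectivity failure' on 'Attack Definitions' is the stale entry described above. Switching the database to 'regular' in the input makes the same check flag 'Attack Definitions' as the package to investigate.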