FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
fwilliams
Staff & Editor
Article Id 265271
Description This article describes troubleshooting steps to take if FortiGate detects an invalid Antivirus/IPS engine on boot and subsequently shuts down.
Scope FortiOS 6.4.13 and above, 7.0.12 and above, 7.2.5 and above, 7.4.0 and above.
Solution

If an unusual or unexpected LED status is seen on the FortiGate (off or red instead of green), the common and usually effective first step is to reboot the unit.

 

However, when the unit is rebooted it may not come back up successfully and may instead display the following error during the boot process, after which it repeats the sequence in a continuous 'boot loop':

Reading boot image 5938718 bytes.
Initializing firewall...
System is starting...
Starting system maintenance...
Scanning /dev/sda1... (100%)
Scanning /dev/sda3... (100%)
Found AV engine signature invalid!!! <- This is the issue preventing the unit from booting.
FortiGate detected invalid AV/IPS engine, experiencing an unexpected shutting down!
The system is going down NOW !!
The system is halted.
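As an added example (not part of this article and not a Fortinet tool), the following Python snippet recognises the boot loop above in a captured serial console log, such as one saved by a terminal server: it splits the capture into boot attempts at each 'Reading boot image' banner and reports a boot loop only when every attempt halts on the AV engine signature check. The sample capture is constructed from the messages shown above.

```python
import re
from dataclasses import dataclass

# Constructed console excerpt (not a real capture): two boot attempts that
# each halt on the invalid AV engine signature, i.e. a boot loop.
FAILED_ATTEMPT = """Reading boot image 5938718 bytes.
Initializing firewall...
Starting system maintenance...
Scanning /dev/sda3... (100%)
Found AV engine signature invalid!!!
FortiGate detected invalid AV/IPS engine, experiencing an unexpected shutting down!
The system is halted.
"""
SAMPLE_BOOT_LOOP = FAILED_ATTEMPT * 2

BOOT_START = re.compile(r"^Reading boot image \d+ bytes\.")
AV_INVALID = re.compile(r"^Found AV engine signature invalid")
HALTED = re.compile(r"^The system is halted\.")


@dataclass
class BootAttempt:
    av_signature_invalid: bool = False
    halted: bool = False


def parse_boot_attempts(console_text):
    """Split a console capture into boot attempts, one per 'Reading boot image' banner."""
    attempts = []
    current = None
    for raw in console_text.splitlines():
        line = raw.strip()
        if BOOT_START.match(line):
            current = BootAttempt()
            attempts.append(current)
        elif current is None:
            continue  # output before the first boot banner is ignored
        elif AV_INVALID.match(line):
            current.av_signature_invalid = True
        elif HALTED.match(line):
            current.halted = True
    return attempts


def is_av_engine_boot_loop(console_text, min_attempts=2):
    """True when every observed boot attempt (at least min_attempts) halted on the AV engine check."""
    attempts = parse_boot_attempts(console_text)
    if len(attempts) < min_attempts:
        return False
    return all(a.av_signature_invalid and a.halted for a in attempts)
```

A single failed attempt is not reported as a loop, so a one-off halt followed by a successful boot is distinguished from the repeating failure this article describes.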

Option 1.

Use the 'Boot with backup firmware and set as default' BIOS option. Before choosing this option, make sure the customer has a backup of the configuration; otherwise, try option 2 first.

Power down the FortiGate, power it back on, and interrupt the boot sequence while it is booting up, following the steps below.

Note: Isolate the unit first if it is part of an HA cluster.

The FortiGate console output will look similar to this:

Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 28626MB.
Press any key to display configuration menu... <- Interrupt the booting here, before it reaches the 'Found AV engine signature invalid' stage.
.....................

The following menu appears after pressing any key:

[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[I]: System information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.

Enter C,R,T,F,I,B,Q,or H: <- Press B to boot with backup firmware.

Loading backup firmware from boot device...

Booting OS...
.Initializing firewall...
System is starting...
Starting system maintenance...
Scanning /dev/mmcblk0p1... (100%)
Scanning /dev/mmcblk0p3... (100%)

If this option does not help, try option 2.

Option 2.

Use a different security level in the BIOS options (the default is security level 2).

Power down the FortiGate, power it back on, and interrupt the boot sequence while it is booting up, following the steps below:

Note: Isolate the unit first if it is part of an HA cluster.

Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 28626MB.
Press any key to display configuration menu... <- Interrupt the booting here, before it reaches the 'Found AV engine signature invalid' stage.
.............................

[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[I]: System information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.

Enter C,R,T,F,I,B,Q,or H:   <- Press I (for System Information) to make the menu below appear:


[S]: Set serial port baudrate.
[R]: Set restricted mode.
[T]: Set menu timeout.
[U]: Set security level.    <- Press U (for Set security level).
[I]: Display system information.
[E]: Reset system configuration.
[Q]: Quit this menu.
[H]: Display this list of options.

In the security level menu, choose security level 1 or 0 so that the unit boots past the signature check and avoids the boot loop sequence.

If the unit is part of an HA cluster, check the BIOS security level on both units. In an active-passive cluster where the passive unit is still at BIOS security level 2, change it manually as well, and only then upgrade or downgrade the package; otherwise HA synchronization may be affected.

Below are the details of what each security level does:

  • Level-0: accept the new package even if it is unsigned.
  • Level-1: display a warning and request user confirmation to accept the package.
  • Level-2: display an error and reject the image.

Note that level 0 skips the signature check entirely and level 1 leaves acceptance to whoever is at the console, so both levels reduce the protection that the image signature check provides at level 2.

Note:

If this issue appears after an upgrade, downgrading is not recommended. Downgrade only if a TAC engineer confirms that there is no workaround other than a downgrade.