IPS engine manual update failing with err...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 335400

Description

This article describes how to resolve a scenario where the manual upgrade of the IPS engine fails with the error 'Failed to upgrade database'.

Scope

Firewall with BIOS security level set to 2.

Solution

If the BIOS security level is set to 2, the firewall will reject the manually uploaded unsigned engine and give the following error:

Verify the BIOS security level using the 'get system status' command on the CLI:

get system status
Version: FortiGate-200F v7.4.3,build2573,240201 (GA.F)
First GA patch build date: 230509
Security Level: 2

First, change the firewall security level to 1 before upgrading the IPS Engine.

To change the security level:

Connect to the console port of the FortiGate.
Reboot the FortiGate (execute reboot) and enter the BIOS menu.
Press [I] to enter the System Information menu
Press [U] to enter the Set security level menu
Enter the required security level.
Continue to boot the device.

Refer to Enhance BIOS-level signature and file integrity checking - FortiGate documentation for more information about BIOS-level signatures and file integrity.

Note:
From version v7.0.16, v7.2.11, v7.4.6, and v7.6.1, the BIOS security level has been updated from numeric classification 0/1/2 to Low/High. For more information, refer to BIOS security Low and High level classification - FortiGate documentation.

719

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Troubleshooting Tip: IPS engine manual update failing with error 'Failed to upgrade database'

You are leaving our website