Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
yangw
Staff
Staff

Created on ‎11-06-2022 10:31 PM Edited on ‎05-18-2025 10:19 PM By Staff

Article Id 229062

Troubleshooting Tip: FortiGuard service definitions are not updated if the security profiles do not add to the active policy rule

Description This article describes that FortiGuard service definitions are not updated, even if the contract status is valid.
Scope FortiGate v7.0, v7.2, v7.4.
Solution

The command below will display the definition version and update status.

 

diagnose autoupdate versions

 

 The contracts are all valid however, they never update.

 

IPS Malicious URL Database:


---------
Version: 3.00146
Contract Expiry Date: Fri Sep 22 2023
Last Updated using scheduled update on Wed Sep 29 02:25:22 2021
Last Update Attempt: Wed Sep 29 14:02:50 2021
Result: No Updates


AI/Machine Learning Malware Detection Model:


---------
Version: 0.00000
Contract Expiry Date: Fri Sep 22 2023
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: n/a
Result: Updates Installed

Mobile Malware Definitions
---------
Version: 76.00599
Contract Expiry Date: Fri Sep 22 2023
Last Updated using scheduled update on Fri Apr 10 20:16:57 2020
Last Update Attempt: Wed Sep 29 14:02:50 2021
Result: Unauthorized

 

Applying the security profiles to the active policy rule below for updating definitions.

 

config firewall policy
    edit 3
        set srcintf "Meeting_zone"
        set dstintf "WAN_zone"
        set action accept
        set srcaddr "Meeting_group"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
        set dnsfilter-profile "default"
        set ips-sensor "default"
        set application-list "default"
        set logtraffic all
        set nat enable
    next

 

The commands below display the definition update status:

 

diagnose debug reset

diagnose debug app update -1
diagnose debug en
exec update-now

 

The related output is below:

 

upd_install_pkg[1332]-FCNI000 installed successfully
upd_install_pkg[1332]-FDNI000 installed successfully
upd_install_pkg[1332]-FSCI000 installed successfully
upd_install_pkg[1306]-CIDB000 is up-to-date
upd_install_pkg[1306]-IPGO000 is up-to-date
upd_install_pkg[1306]-FFDB009 is up-to-date
upd_install_pkg[1306]-UWDB001 is up-to-date
upd_install_pkg[1306]-CRDB000 is up-to-date
upd_install_pkg[1306]-DBDB001 is up-to-date
upd_install_pkg[1312]-SFAS000 is unauthorized
upd_install_pkg[1306]-MCDB001 is up-to-date
upd_install_pkg[1332]-ALCI000 installed successfully
upd_install_pkg[1306]-MADB001 is up-to-date
upd_install_pkg[1306]-AFDB001 is up-to-date
upd_status_save_status[130]-try to save on status file
upd_status_save_status[196]-Wrote status file
__upd_act_update[325]-Package installed successfully
[205] __ssl_data_ctx_free: Done
[1048] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1058] ssl_ctx_free: Done
[1039] ssl_disconnect: Shutdown
do_update[653]-UPDATE successful

 

Related article:

Technical Tip: FortiGate unable to update IPS and antivirus databases

 

Labels:
1829
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.