Description
This article describes how to check the webfilter database (DB) version on the FortiManager, and also show how to change or shorten the DB consolidation time.
Solution
Go to FortiGuard -> Query Server Management -> Receive Status, it is possible to see the web filter DB version and the time the DB have successfully consolidate as shown below highlighted in Yellow:
If the 'Update History' button is selected (indicated in the red square box above), all the delta packages downloaded into FortiGate are visible.
On the very bottom, the latest delta package for version 24.04990 is visible, last downloaded on 2020-12-29 10:55:05, but our web filter DB as shown above is still at 34.04973.
This may cause discrepancy especially when there were a rating change for a particular website, where user check on FortiGuard website it is updated to the latest one, but FortiGate still getting the older rating. When we perform fgdupd debug, we can see below:-
FMG # FGDUPD:>> Service[0]:The behavior is expected.
get 20 updfile
FGDUPD:>> Service[0]:
Too few updfile, wait 307 minutes before merge
FGDUPD:>> Service[0]:
get 20 updfile
FGDUPD:>> Service[0]:
Too few updfile, wait 307 minutes before merge
Although FortiManager is set to poll the update every 10 minutes by default (fgd-pull-interval), but the DB consolidation will only happened every 6 hours by default, or when there is enough delta files (128 delta files for web filter database).
It can be shorten to minimum 2 hours if required:-
# config fmupdate web-spam fgd-settingConsolidation of DB will consume a lot of resources from FortiManager, so it will only be consolidated after some pre-configured time or when there is enough delta files.
set update-interval <2-24, default is 6 hours>
end
Therefore, it is expected the webfilter rating using FortiManager as FortiGuard web filtering server to have delay rating update compared to FortiGate query FortiGuard directly.
