Description

This article describes how to check the web filter database (DB) version on the FortiManager and also shows how to change or shorten the DB consolidation time.

Scope

FortiManager.

Solution

Go to FortiGuard -> Query Server Management -> Receive Status: it is possible to see the web filter DB version and the time the DB has successfully consolidated, as shown below, highlighted in yellow:

 

This may cause a discrepancy, especially when there was a rating change for a particular website; when users check on the FortiGuard website, it is updated to the latest one, but FortiGate is still getting the older rating. When performing the fgdupd debug (diagnose debug application fgdupd <Integer>) the below appear:

 

FMG # FGDUPD:>> Service[0]:
get 20 updfile
FGDUPD:>> Service[0]:
Too few updfile, wait 307 minutes before merge
FGDUPD:>> Service[0]:
get 20 updfile
FGDUPD:>> Service[0]:
Too few updfile, wait 307 minutes before mergeThe behavior is expected.

 

Although, FortiManager is set to poll the update every 10 minutes by default (fgd-pull-interval), the DB consolidation will only happen every 6 hours by default, or when there are enough delta files (128 delta files for the web filter database).

 

It can be shortened to a minimum of 2 hours if required: 

 

config fmupdate web-spam fgd-setting
    set update-interval <2-24, default is 6 hours>

end

 

Consolidation of DB will consume a lot of resources from FortiManager, so it will only be consolidated after some pre-configured time or when there are enough delta files.

Therefore, it is expected that the web filter rating using FortiManager as the FortiGuard web filtering server will have a delay in rating updates compared to FortiGate queries to FortiGuard directly.