FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
heng
Staff
Staff
Article Id 231938
Description

 

This article describes how to identify the current FortiGuard packages version that being used by all the managed devices.

 

Example:

The AntiVirus engine version, IPS engine version, ISDB version and etc.

 

Scope

 

FortiManager v7.2 and FortiGate.

 

Solution

 

  1. For FortiManager, to obtain and store the managed device's package version information like FortiGate, FortiGate must point to FortiManager for the update request with server-type 'update'. For the configuration guide, refer to the following article: Technical Tip: How to setup FortiGate to get updates from FortiManager.
  2. Log into  FortiManager GUI -> FortiGuard -> Package Management -> Service Status, select All 'ADOMs' and select By Package button.

 

Example as follows:

 

heng_0-1669872856198.png

 

  1. To see more granular information such as per package per version per device, it is possible to 'double-click' on the column Installed Devices on that target package information which will lead to another page to list out all the currently running versions for that target package with all the corresponding devices. 

 

heng_1-1669873005826.png

 

For example here, look at the AV Engine package 06004000AVEN02800 which all of the current running AntiVirus Engine versions will be listed.

With all the listed version information as a reference, it is possible to plan to upgrade accordingly to the target version to fix certain CVEs or vulnerabilities on the vulnerable AntiVirus engine.

 

For example, CVE-2022-26122 will require the AntiVirus engine to be upgraded to version 6.00169 or above:

 

heng_0-1669964247798.png

 

 

The currently available version can be found on the FortiGuard website.

 

Related article:

Technical Tip: Common Internet Service Database Feature admin operations.