tnesh
Staff
Article Id 314704
Description: This article describes how to push application control package updates from an air-gapped FortiManager to an air-gapped FortiGate.
Scope: FortiManager & FortiGate.
Solution

Note:

  • Both FortiManager and FortiGate are in an air-gapped network.

 

Steps:

  1. Make sure FortiGate is configured to use FortiManager as its local FortiGuard server (FDS), as described in:
    Technical Tip: FortiGate configuration for using FortiManager as local FDS
  2. Download the correct application control package from the Support Portal (https://support.fortinet.com/).

  3. Upload the application control package file to FortiManager -> FortiGuard -> Settings -> Upload Options for FortiGate/FortiMail -> Packages and Database -> Upload.

  4. Verify the application package is successfully uploaded into FortiManager:
    FortiManager -> FortiGuard -> Packages -> uncheck 'Show Used Object Only'.

  5. Make sure to enable 'AntiVirus and IPS Service' under FortiManager -> FortiGuard -> Settings -> Enable AntiVirus and IPS Service -> FortiGate -> <select correct version>.

  6. In FortiGate, make sure there is at least one policy with an 'Application Control' security profile enabled:

  7. Run the following CLI commands in FortiGate to perform the manual update:

    FGT # diag debug application update 255

    FGT # diag debug en

    FGT # exe update-now
         

  8. Run the following CLI command in FortiGate to check the FortiGate package version:

    FGT # diag autoupdate versions

     

Sample result:

  1. FortiGate package version before update:

    FGT # diag autoupdate versions
    .
    <truncated>
    .
    Application Definitions
    ---------
    Version: 6.00741 signed
    Contract Expiry Date: Wed Aug 21 2024
    Last Updated using manual update on Tue Dec 1 02:30:00 2015
    Last Update Attempt: n/a
    Result: Updates Installed
    .
    <truncated>
    .

  2. FortiGate debug output:

    FGT # diag debug application update 255

    FGT # diag debug en

    FGT # exe update-now

    .
    <truncated>
    .
    upd_install_pkg[1435]-FLEN076 is up-to-date
    upd_install_pkg[1461]-APDB001(appdb) installed successfully
    upd_install_pkg[1461]-APDB051(wapp) installed successfully
    upd_install_pkg[1435]-FMWP001 is up-to-date
    .
    <truncated>
    .

     

  3. FortiGate package version after update:

    FGT # diag autoupdate versions
    .

    <truncated>
    .
    Application Definitions
    ---------
    Version: 27.00783 signed
    Contract Expiry Date: Wed Aug 21 2024
    Last Updated using manual update on Tue Dec 1 02:30:00 2015
    Last Update Attempt: Mon May 13 22:27:06 2024
    Result: Updates Installed
    .
    <truncated>
    .
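
The before/after comparison above can be scripted once the CLI output has been captured to text. The following is an added example, not part of the original article or any Fortinet tooling; the function names are hypothetical, and it assumes a section ends at a blank line or truncation marker and that the 'signed' marker should still be present after the update.

```python
import re

# Trimmed copies of the article's sample output ("<truncated>" parts omitted).
BEFORE = """Application Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed
"""
AFTER = BEFORE.replace("6.00741", "27.00783").replace(
    "Attempt: n/a", "Attempt: Mon May 13 22:27:06 2024")
DEBUG = """upd_install_pkg[1435]-FLEN076 is up-to-date
upd_install_pkg[1461]-APDB001(appdb) installed successfully
upd_install_pkg[1461]-APDB051(wapp) installed successfully
upd_install_pkg[1435]-FMWP001 is up-to-date
"""

def parse_section(text, title="Application Definitions"):
    """Return version, signed flag and last attempt for one section."""
    lines = iter(text.splitlines())
    if not any(line.strip() == title for line in lines):
        raise ValueError(f"section {title!r} not found")
    info = {"version": None, "signed": False, "last_attempt": "n/a"}
    for line in lines:
        line = line.strip()
        if not line or line == "." or line.startswith("<"):
            break  # assumption: a blank line or truncation marker ends the section
        m = re.match(r"Version:\s*(\d+)\.(\d+)(\s+signed)?$", line)
        if m:
            # Compare numerically: as strings, "27.00783" sorts before "6.00741".
            info["version"] = (int(m.group(1)), int(m.group(2)))
            info["signed"] = bool(m.group(3))
        elif line.startswith("Last Update Attempt:"):
            info["last_attempt"] = line.split(":", 1)[1].strip()
    return info

def installed_packages(debug_text):
    """Object IDs reported as 'installed successfully' in the update debug."""
    return re.findall(r"upd_install_pkg\[\d+\]-(\w+)(?:\(\w+\))? installed successfully",
                      debug_text)

def update_applied(before, after, debug_text):
    """True only if the version rose, is still marked signed, and a package installed."""
    b, a = parse_section(before), parse_section(after)
    rose = None not in (a["version"], b["version"]) and a["version"] > b["version"]
    return bool(rose and a["signed"] and a["last_attempt"] != "n/a"
                and installed_packages(debug_text))
```
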

Related article:

Technical Tip: How to configure FortiAnalyzer/FortiManager to use FortiManager as a FortiGuard serve...