FortiManager
heng
Staff
Article Id 232053
Description

 

This article describes how to update the AntiVirus engine on FortiGate via FortiManager.

FortiGate can point to FortiManager to update its FortiGuard packages, e.g. the AntiVirus signatures, IPS signatures and others.

 

It is also possible to update the FortiGate AV engine via FortiManager, both when the FortiManager is in a closed network environment and when the FortiManager is able to connect to FortiGuard for updates.

 

The following solution will demonstrate how the AV engine version can be updated via the FortiManager FortiGuard module.


Note:
It is not necessary to upgrade the AV engine frequently.

TAC support only provides an AV engine for upgrade when there is a bug fix or a vulnerability fix.

For example, CVE-2022-26122 will require the AntiVirus engine to be upgraded to version 6.00169 or above.

 

Scope

 

FortiManager 7.2 & FortiGate.

 

Solution

 

1) For FortiManager to obtain and store the package version information of managed devices such as FortiGate, the FortiGate must point to FortiManager for update requests with server-type 'update'.

 

For the configuration guide, refer to the following article:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-setup-FortiGate-to-get-updates-from...

 

2) To check or identify the running AntiVirus Engine version of the managed devices, refer to the following article:

https://community.fortinet.com/t5/FortiManager/Technical-Tip-How-to-identify-the-running-FortiGuard-...

 

3) Obtain the AV engine from Fortinet TAC support and import it from the GUI: FortiGuard -> Package Management -> Receive Status -> Import, then select the AV Engine package. An example package name is vsigupdate-OS6.40_6.172_ENG_ALL.pkg.

 

In this example, AntiVirus Engine (06004000AVEN02800) version 6.00172 is imported. The checksum value is optional.

 


 

4) Look for the imported package, AntiVirus Engine (06004000AVEN02800), which is now at version 6.00172. Under 'To Be Deployed Version', make sure the version selection is always set to 'Latest'.

 


 

5) From the GUI: FortiGuard -> Package Management -> Service Status, a 'Pending' status is shown when FortiManager detects a difference between the version currently running on the FortiGate and the version updated in FortiManager.

 

Select All ADOMs and select the By Package button.

 


 

6) To see more granular information, such as per package, per version and per device, double-click the Installed Devices column of the target package. This opens another page that lists every version of that package currently running, with the corresponding devices.

 

In this example, the current version is the one on the FortiGate(s) and the package version is the current version in the FortiManager. The FortiManager compares the two versions and, where they differ, sets the status to Pending, meaning an update is required. In this example, the AV engine must be updated to fix CVE-2022-26122.

 


 

7) Select all devices and select the Push Pending button to push the update to the devices. Allow at least 5 minutes for the devices to update from FortiManager.

 


 

8) In FortiManager, verify that every Pending status has changed to Up to Date, and verify that the AV engine has been updated correctly.

 


 

9) Check the FortiGuard module in the FortiGate GUI: the AV engine version should be updated. In this case, the AV engine is updated to 6.00172 as intended.

 


 

Similarly, run the update debug on the FortiGate to watch the update in real time right after the push. A sample push debug follows.

 

...

upd_fds_fmg_info_update[1607]-Updated FMG [FMG-VMTM1900XXXX]
doInstallUpdatePackage[1003]-Full obj found for AVEN028
doInstallUpdatePackage[1013]-Updating obj AVEN
upd_cfg_extract_avips_engine_version[250]-version=06004000AVEN02800-00006.00154-2008211631
installUpdateObject[338]-Step 1:Unpack obj 7, Total=1, cur=0

...

upd_install_pkg[1391]-AVEN028 installed successfully
upd_install_pkg[1391]-AVDB002 installed successfully
upd_install_pkg[1391]-AVDB007 installed successfully

...

upd_cfg_extract_avips_engine_version[250]-version=06004000AVEN02800-00006.00172-2206291747

...

 

Alternatively, run the CLI command below on the FortiGate to check whether the AV engine version has been updated.

 

FGT-2 # diagnose autoupdate versions

AV Engine
---------
Version: 6.00172
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Fri Dec 2 15:07:16 2022
Last Update Attempt: Fri Dec 2 15:07:16 2022
Result: Updates Installed

...
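
As an added example (not part of the original article and not Fortinet tooling), the Python sketch below checks saved FortiGate output against the minimum AV engine version the article gives for CVE-2022-26122. The function names and the numeric comparison of the two version components are assumptions; the sample text is copied from the outputs shown above.

```python
import re

MIN_FIXED = (6, 169)  # from the article: CVE-2022-26122 needs 6.00169 or above

def parse_version(text):
    """'6.00172' or '00006.00172' -> (6, 172). Numeric comparison is an assumption."""
    major, minor = text.split(".")
    return int(major), int(minor)

def av_engine_status(diag_output):
    """Read the 'AV Engine' block of saved 'diagnose autoupdate versions' output."""
    # The block is the run of non-empty lines under the dashed 'AV Engine' header.
    block = re.search(r"^AV Engine[ \t]*\n-+[ \t]*\n((?:.+\n?)+)", diag_output, re.M)
    if not block:
        return None
    version = re.search(r"^Version:\s*(\d+\.\d+)", block.group(1), re.M)
    result = re.search(r"^Result:\s*(.+)$", block.group(1), re.M)
    if not version:
        return None
    parsed = parse_version(version.group(1))
    return {"version": parsed,
            "fixed": parsed >= MIN_FIXED,
            "result": result.group(1).strip() if result else None}

def engine_versions_in_debug(log):
    """AV engine versions, in order, from upd_cfg_extract_avips_engine_version lines."""
    pat = re.compile(
        r"upd_cfg_extract_avips_engine_version\[\d+\]-version=\w*AVEN\w*-(\d+\.\d+)-\d+")
    return [parse_version(v) for v in pat.findall(log)]

# Sample text copied from the CLI and debug outputs shown in the article.
SAMPLE_DIAG = """AV Engine
---------
Version: 6.00172
Contract Expiry Date: Wed Aug 21 2024
Last Updated using manual update on Fri Dec 2 15:07:16 2022
Last Update Attempt: Fri Dec 2 15:07:16 2022
Result: Updates Installed
"""
SAMPLE_DEBUG = """doInstallUpdatePackage[1013]-Updating obj AVEN
upd_cfg_extract_avips_engine_version[250]-version=06004000AVEN02800-00006.00154-2008211631
upd_install_pkg[1391]-AVEN028 installed successfully
upd_cfg_extract_avips_engine_version[250]-version=06004000AVEN02800-00006.00172-2206291747
"""

if __name__ == "__main__":
    print(av_engine_status(SAMPLE_DIAG))           # status of the running engine
    print(engine_versions_in_debug(SAMPLE_DEBUG))  # before and after the push
```

Run over output collected from each managed FortiGate, a `fixed` value of False marks a device that still needs the push in step 7.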
