FG60E (7.2.5), FortiGate update failed / Fortigate idsurldb signature is missing or invalid
As of 01:35 (timezone +01:00) on 17-Jul-2023, we're getting update errors every 30 minutes. We're in the UK. If I change [system > fortiguard > updates] to restrict to "US only" servers (not the default "lowest latency" servers), then manually updating appears to work. Changing back to "lowest latency" and manually updating fails. As of 10:25 ish this morning, scheduled updates are still failing.
The issue you're facing with your FortiGate FG60E device, where updates are failing and there are issues with the `idsurldb` signature, is not uncommon. It appears there might be issues either with the FortiGuard servers or with the path your device takes to reach them. Here's how you can troubleshoot and potentially resolve the issue:
1. **Test Connectivity**: Ensure that your FortiGate can reach the FortiGuard servers. You can do this by using the command: ``` execute ping service.fortiguard.net ```
2. **DNS Issues**: Sometimes, DNS resolution problems can cause these issues. Ensure your FortiGate's DNS settings are correctly configured. Test with a public DNS like Google's `126.96.36.199` to see if that resolves the issue.
3. **Proxy or Firewall**: If there's a web proxy or another firewall in your network, ensure that it isn't blocking or filtering the FortiGate's attempts to reach the FortiGuard servers.
4. **Check License**: Ensure your FortiGuard licenses are valid and have not expired. An expired license can prevent updates.
5. **Logs & Debug**: Check the FortiGate logs for any further information regarding the update failures. Additionally, you can enable debugging for updates to get more detailed information: ``` diagnose debug update application ips enable diagnose debug enable ``` After running the above commands, try to update again and observe the debug messages for any clues. Remember to disable debugging after you're done: ``` diagnose debug disable ```
6. **Manual Update**: As a temporary solution, you can download the latest `idsurldb` database and other updates from the Fortinet support site and manually update the FortiGate.
7. **Firmware Update**: Sometimes, firmware updates can resolve such issues. If there's a newer version of FortiOS available, consider updating your device (after backing up your configuration and ensuring you've read the release notes).
8. **FortiGuard Server Selection**: As you mentioned, selecting specific FortiGuard servers (e.g., "US only") seemed to help. It's possible that some FortiGuard servers in the "lowest latency" pool are having issues or are being blocked/routed inefficiently from your location. You can temporarily use the "US only" setting, or if there's a more geographically appropriate server selection, use that until the issue is resolved.
9. **Contact Fortinet Support**: If none of the above steps resolves the issue, it would be best to contact Fortinet's technical support. They might be aware of any widespread issues or can provide specific assistance for your situation.
Lastly, always ensure you have backups of your configuration before making any significant changes or updates to your FortiGate device.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.