FG61F idsurldb signature is missing or invalid

Broadtec · ‎06-20-2024

I am using an FG-61F with firmware version v7.2.8 build1639 (GA). Since last night, I have been continuously receiving the following two messages:

Fortigate scheduled update failed.
Fortigate idsurldb signature is missing or invalid.

I have already tried the solution provided in this article:
https://community.fortinet.com/t5/Support-Forum/FortiGate-database-signature-invalid-on-FGT-60F-7-2/...,
but it seems to be ineffective.

How can I resolve the issue of the invalid signature and the update failure?

DPadula · ‎06-20-2024

Hi Broadtec,

Try the following procedure:

Step1: Run the following commands

diag autoupdate version | grep 'Internet-service' -A6 diagnose internet-service clear /data2/ffdb_app diagnose internet-service clear /data2/ffdb_map execute update-now

Step2: Wait 3-5 min

Step3: Run the following command again
diag autoupdate version | grep 'Internet-service' -A6

Broadtec · ‎06-20-2024

After executing the command, I received the following message:
=======================================================

FortiGate-61F # diag autoupdate version | grep 'Internet-service' -A6
Internet-service Standard Database
---------
Version: 7.03741 signed
Contract Expiry Date: n/a
Last Updated using manual update on Fri Jun 21 13:50:30 2024
Last Update Attempt: Fri Jun 21 13:56:37 2024
Result: No Updates

FortiGate-61F # diagnose internet-service clear /data2/ffdb_app
File /data2/ffdb_app has been successfully deleted.

FortiGate-61F # diagnose internet-service clear /data2/ffdb_map
File /data2/ffdb_map has been successfully deleted.

FortiGate-61F # diag autoupdate version | grep 'Internet-service' -A6
Internet-service Standard Database
---------
Version: 0.00000 signed
Contract Expiry Date: n/a
Last Updated using manual update on Fri Jun 21 13:50:30 2024
Last Update Attempt: Fri Jun 21 13:56:37 2024
Result: No Updates

FortiGate-61F # execute update-now

FortiGate-61F # diag autoupdate version | grep 'Internet-service' -A6
Internet-service Standard Database
---------
Version: 7.03741 signed
Contract Expiry Date: n/a
Last Updated using manual update on Fri Jun 21 14:17:51 2024
Last Update Attempt: Fri Jun 21 14:17:51 2024
Result: Updates Installed

FortiGate-61F #

=======================================================

I will observe for a day to confirm if the issue has been resolved.

candawi · ‎06-20-2024

Monitor it for a day and if logs are still populating by then, please raise a ticket with TAC.

lst3010 · ‎06-21-2024

Hello,

I encountered the same issue on my side (FortiGate 201E, FortiOS v7.2.8 build 1639) also starting yesterday. Executed commands recommended by @DPadula and in the CLI it seems OK:

FortiGate-Cluster-Name (global) # diagnose autoupdate version | grep 'Internet-service' -A6
Internet-service Full Database
---------
Version: 7.03741 signed
Contract Expiry Date: n/a
Last Updated using manual update on Thu Jun 20 17:25:00 2024
Last Update Attempt: Fri Jun 21 10:48:09 2024
Result: No Updates

FortiGate-Cluster-Name (global) # diag internet-service clear /data2/ffdb_app
File /data2/ffdb_app has been successfully deleted.

FortiGate-Cluster-Name (global) # diag internet-service clear /data2/ffdb_map
File /data2/ffdb_map has been successfully deleted.

FortiGate-Cluster-Name (global) # execute update-now

FortiGate-Cluster-Name (global) # diagnose autoupdate version | grep 'Internet-service' -A6
Internet-service Full Database
---------
Version: 7.03741 signed
Contract Expiry Date: n/a
Last Updated using manual update on Thu Jun 20 17:25:00 2024
Last Update Attempt: Fri Jun 21 11:08:49 2024
Result: No Updates

FortiGate-Cluster-Name (global) # diagnose autoupdate version | grep 'Internet-service' -A6
Internet-service Full Database
---------
Version: 7.03741 signed
Contract Expiry Date: n/a
Last Updated using manual update on Fri Jun 21 11:09:04 2024
Last Update Attempt: Fri Jun 21 11:09:04 2024
Result: Updates Installed

## checking back later

FortiGate-Cluster-Name (global) # diagnose autoupdate version | grep 'Internet-service' -A6
Internet-service Full Database
---------
Version: 7.03741 signed
Contract Expiry Date: n/a
Last Updated using manual update on Fri Jun 21 11:09:04 2024
Last Update Attempt: Fri Jun 21 11:17:30 2024
Result: No Update

But when I check the system logs for this manually initiated update in the WebUI, the issue seems to have been encountered as before:

I'll keep an eye on it as recommended as I'm not entierly confident the issue was resolved.

Best regards

DPadula · ‎06-22-2024

Hi lst3010,

Glad that I could help, once you check again in few days mark the reply as solution to help other on our community.
Thank you for the reply.

Broadtec · ‎06-21-2024

I noticed that the system time on the FG-61F was 15 minutes slow, and the NTP time synchronization with time.windows.com had failed for some reason. After correcting the time and running execute update-now, there were no error messages.

However, I was mistaken, as the issue has reappeared.

rfinney · ‎06-21-2024

Seeing the same logs starting at 11:42 am EDT yesterday.

srajeswaran · ‎06-23-2024

This issue is fixed from IPS Malicious URL Database 5.00088. Could you please try a "exe update-ips" (if its not updated already based on your schedule) and check?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Broadtec · ‎06-25-2024

This issue resolved itself after 24 hours and did not recur while I was on leave.

FG61F idsurldb signature is missing or invalid

Nominate a Forum Post for Knowledge Article Creation