Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lmbrd
New Contributor III

Created on ‎07-24-2023 05:36 AM

ISDB update through REST API from file "ffdb_..."

Hello, community

I am trying to update the database ISDB through REST API FortiOS from file "ffdb_...". Which db_name should I use? The REST API Reference does not say about it? Also, when I try to update through web from file "ffdb_...": Fortiguard→ Firmware & General Updates I get the error: "Failed to upgrade database"

Снимок.PNG

Labels:
3967
0 Kudos
1 Solution
Richie_C
Staff
Staff
In response to Richie_C

Created on ‎07-31-2023 02:32 AM

Hi

After some more investigation, it seems that a manual ISDB update via the GUI is not possible in the version you are running (6.4 or 7.0). A manual update is only possible via CLI. This is described in the following documents:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Manual-Update-of-Internet-Service-Database...


https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-manually-upgrade-ISDB-database-with...

 

However, I tested some other versions and can see that the functionality you require is available in 7.2 and 7.4. We can see a new button specifically for upgrading the ISDB.

ISDB-7point2.JPG

 

I tested the functionality in my lab and i was able to successfully upgrade the ISDB using the GUI.

 

Thanks

Take a backup before making any changes

View solution in original post

3488
20 REPLIES 20
lmbrd
New Contributor III
In response to Richie_C

Created on ‎07-24-2023 10:28 AM

600E
v6.4.12 build2060 (GA)
2056
0 Kudos
Richie_C
Staff
Staff
In response to lmbrd

Created on ‎07-24-2023 01:12 PM 

      "last_update":1689746781,
      "last_update_attempt":1689839411,

It looks like it worked last week. It was successfully updated 5 days ago. Maybe something has changed? 

Take a backup before making any changes
2051
0 Kudos
lmbrd
New Contributor III
In response to Richie_C

Created on ‎07-24-2023 07:23 PM

No, every week I update databases via CLI (execute restore other-objects). But now I'm trying to do it via API. 

2047
0 Kudos
lmbrd
New Contributor III
In response to lmbrd

Created on ‎07-24-2023 07:51 PM

Could you watch the video?

https://youtu.be/HyyLS5mLZJI

Is it correct to upload "ffdb_" file in "Firmware & General Updates"?

Does it work via web? 

When I trying to upload file is sends file_content data in "appctrl" database. I think this is the error

2043
0 Kudos
Richie_C
Staff
Staff
In response to lmbrd

Created on ‎07-25-2023 01:03 AM

I will try it in my lab over the coming days and see if i can replicate it.

 

 

 

Take a backup before making any changes
1997
0 Kudos
Richie_C
Staff
Staff
In response to Richie_C

Created on ‎07-27-2023 06:32 AM

I think i have the same behaviour in the lab. Could you please confirm something?

 

  • Try the update from the GUI
  • Run the following commands at the same time:
    • diagnose debug enable
    • diagnose debug application update -1
  • When the process has finished, disable the debug:
    • diag debug disable
    • diag debug reset

Please post the output.

thanks

Richard

Take a backup before making any changes
1967
lmbrd
New Contributor III
In response to Richie_C

Created on ‎07-27-2023 08:47 PM Edited on ‎07-27-2023 10:07 PM

thx Richard, this is what I have:
Trying update ISDB from ffdb file:

 

fw01 (global) # diagnose debug enable

fw01 (global) # diagnose debug application update -1
Debug messages will be on for 30 minutes.

fw01 (global) # upd_manual_idsdb[189]-Updating ids db
upd_status_save_status[144]-try to save on status file
upd_status_save_status[215]-Status file is up-to-date
upd_manual_idsdb[252]-No updates

 

For example update via apdb file success:

 

fw01 (global) # upd_manual_idsdb[189]-Updating ids db
doInstallUpdatePackage[1007]-Full obj found for APDB001
doInstallUpdatePackage[1017]-Updating obj APDB
installUpdateObject[342]-Step 1:Unpack obj 38, Total=1, cur=0
installUpdateObject[371]-Step 2:Prepare temp file for obj 38
installUpdObjRest[657]-Step 5:Backup /etc/application.rules->/tmp/update.backup
installUpdObjRest[671]-Step 6:Copy new object /tmp/updHalEYz->/etc/application.rules
installUpdObjRest[729]-Step 7:Validate object
installUpdObjRest[753]-Step 8:Re-initialize using new obj file
installUpdObjRest[765]-Step 9:Delete backup /tmp/update.backup
waitUpdateProcess[981]-ips_update_flush pid=6925 exit code 0

__update_status[1215]-APDB001 installed successfully
upd_status_save_status[144]-try to save on status file
upd_status_save_status[210]-Wrote status file
upd_manual_idsdb[223]-Update successful on appdb(38,1)

 

1957
0 Kudos
Richie_C
Staff
Staff
In response to lmbrd

Created on ‎07-28-2023 08:19 AM

Its strange indeed. from the output, it seems that the FortiGate is already up-to-date.

 

I will do a few upgrades and see if the behaviour is the same.

Take a backup before making any changes
1923
0 Kudos
Richie_C
Staff
Staff
In response to Richie_C

Created on ‎07-31-2023 02:32 AM

Hi

After some more investigation, it seems that a manual ISDB update via the GUI is not possible in the version you are running (6.4 or 7.0). A manual update is only possible via CLI. This is described in the following documents:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Manual-Update-of-Internet-Service-Database...


https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-manually-upgrade-ISDB-database-with...

 

However, I tested some other versions and can see that the functionality you require is available in 7.2 and 7.4. We can see a new button specifically for upgrading the ISDB.

ISDB-7point2.JPG

 

I tested the functionality in my lab and i was able to successfully upgrade the ISDB using the GUI.

 

Thanks

Take a backup before making any changes
3489
lmbrd
New Contributor III
In response to Richie_C

Created on ‎08-01-2023 04:05 AM

Ok,thank you very much for the detailed analysis, Richard

1846
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.