Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lmbrd
New Contributor III

ISDB update through REST API from file "ffdb_..."

Hello, community

I am trying to update the database ISDB through REST API FortiOS from file "ffdb_...". Which db_name should I use? The REST API Reference does not say about it? Also, when I try to update through web from file "ffdb_...": Fortiguard→ Firmware & General Updates I get the error: "Failed to upgrade database"

Снимок.PNG

1 Solution
Richie_C

Hi

After some more investigation, it seems that a manual ISDB update via the GUI is not possible in the version you are running (6.4 or 7.0). A manual update is only possible via CLI. This is described in the following documents:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Manual-Update-of-Internet-Service-Database...


https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-manually-upgrade-ISDB-database-with...

 

However, I tested some other versions and can see that the functionality you require is available in 7.2 and 7.4. We can see a new button specifically for upgrading the ISDB.

ISDB-7point2.JPG

 

I tested the functionality in my lab and i was able to successfully upgrade the ISDB using the GUI.

 

Thanks

Take a backup before making any changes

View solution in original post

20 REPLIES 20
lmbrd
New Contributor III

600E
v6.4.12 build2060 (GA)
Richie_C

      "last_update":1689746781,
      "last_update_attempt":1689839411,

It looks like it worked last week. It was successfully updated 5 days ago. Maybe something has changed? 

Take a backup before making any changes
lmbrd
New Contributor III

No, every week I update databases via CLI (execute restore other-objects). But now I'm trying to do it via API. 

lmbrd
New Contributor III

Could you watch the video?

https://youtu.be/HyyLS5mLZJI

Is it correct to upload "ffdb_" file in "Firmware & General Updates"?

Does it work via web? 

When I trying to upload file is sends file_content data in "appctrl" database. I think this is the error

Richie_C

I will try it in my lab over the coming days and see if i can replicate it.

 

 

 

Take a backup before making any changes
Richie_C

I think i have the same behaviour in the lab. Could you please confirm something?

 

  • Try the update from the GUI
  • Run the following commands at the same time:
    • diagnose debug enable
    • diagnose debug application update -1
  • When the process has finished, disable the debug:
    • diag debug disable
    • diag debug reset

Please post the output.

thanks

Richard

Take a backup before making any changes
lmbrd
New Contributor III

thx Richard, this is what I have:
Trying update ISDB from ffdb file:

 

fw01 (global) # diagnose debug enable

fw01 (global) # diagnose debug application update -1
Debug messages will be on for 30 minutes.

fw01 (global) # upd_manual_idsdb[189]-Updating ids db
upd_status_save_status[144]-try to save on status file
upd_status_save_status[215]-Status file is up-to-date
upd_manual_idsdb[252]-No updates

 

For example update via apdb file success:

 

fw01 (global) # upd_manual_idsdb[189]-Updating ids db
doInstallUpdatePackage[1007]-Full obj found for APDB001
doInstallUpdatePackage[1017]-Updating obj APDB
installUpdateObject[342]-Step 1:Unpack obj 38, Total=1, cur=0
installUpdateObject[371]-Step 2:Prepare temp file for obj 38
installUpdObjRest[657]-Step 5:Backup /etc/application.rules->/tmp/update.backup
installUpdObjRest[671]-Step 6:Copy new object /tmp/updHalEYz->/etc/application.rules
installUpdObjRest[729]-Step 7:Validate object
installUpdObjRest[753]-Step 8:Re-initialize using new obj file
installUpdObjRest[765]-Step 9:Delete backup /tmp/update.backup
waitUpdateProcess[981]-ips_update_flush pid=6925 exit code 0

__update_status[1215]-APDB001 installed successfully
upd_status_save_status[144]-try to save on status file
upd_status_save_status[210]-Wrote status file
upd_manual_idsdb[223]-Update successful on appdb(38,1)

 

Richie_C

Its strange indeed. from the output, it seems that the FortiGate is already up-to-date.

 

I will do a few upgrades and see if the behaviour is the same.

Take a backup before making any changes
Richie_C

Hi

After some more investigation, it seems that a manual ISDB update via the GUI is not possible in the version you are running (6.4 or 7.0). A manual update is only possible via CLI. This is described in the following documents:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Manual-Update-of-Internet-Service-Database...


https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-manually-upgrade-ISDB-database-with...

 

However, I tested some other versions and can see that the functionality you require is available in 7.2 and 7.4. We can see a new button specifically for upgrading the ISDB.

ISDB-7point2.JPG

 

I tested the functionality in my lab and i was able to successfully upgrade the ISDB using the GUI.

 

Thanks

Take a backup before making any changes
lmbrd
New Contributor III

Ok,thank you very much for the detailed analysis, Richard

Top Kudoed Authors