FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 194451


This article explains how to manually update the Antivirus Definition and Engine for a FortiGate.




FortiGate, FortiManager.



It is recommended to have automatic updates enabled in either the FortiGate or the FortiManager that manages updates for the FortiGates without internet access.
Doing so allows the FortiGates to benefit from the latest virus definition packages as soon as they are updated.
To update the definitions manually instead:
  1. Log in to the Customer Service & Support web portal at

  2. Navigate to Support -> Service updates -> Download and find the FortiGate device model to update. 

  3. Select the corresponding link for 'Virus Definition' and download the .ETDB file after completing the security check.

  4. Optionally, verify the file integrity by comparing the locally generated MD5 hash of the file with the one provided at the (MD5) link.
This process will upgrade both the Antivirus definitions and the Antivirus engine.
The Antivirus engines are not publicly available for download. They are usually provided through technical support cases to help address certain unwanted behaviors.
How to check current versions.

In the Web GUI:

Navigate to System -> FortiGuard -> AV Definitions.
In the CLI:

Run the following command to check the current Antivirus definition or engine versions:

diagnose autoupdate versions | grep Virus -A2
diagnose autoupdate versions | grep Engine -A2


In this case, the Virus Definitions version is 0 and the Antivirus engine shows (6.)276 (the same as in the GUI example).
The 6. is not relevant - this is only used to identify the FortiOS version that it comes with.
  1. Updating the Antivirus Definition or Antivirus engine can only be done through the Web GUI after selecting'Upgrade Database':



    Sometimes, for the AntiVirus engines provided by support representatives, there may be a warning that requires confirmation:




    In some cases, the 'Failed to upgrade database' may appear:




    This occurs if the AntiVirus engine is not meant to be used in the FortiOS version currently being run or, less likely if the file integrity has been compromised (usually due to incomplete downloads). 


    In this example, an upgrade is performed from version 276 to 283:




    The following message appears briefly:




    After refreshing, the version change is reflected in the AntiVirus status.