networm
New Contributor II

Fortigate Some Signatures Not Updating

Hi,

Some signatures are not updating.

How can I solve this?

IPS Definitions Version 27.00741
IPS Engine Version 7.00524
Malicious URLs Version 1.00001
Botnet IPs Version 0.00000
Botnet Domains Version 3.00672
10 REPLIES
lgupta
Staff

Hello networm, Good day!

Can you please share the output of the following:

diag autoupdate versions

Please hide sensitive information before sharing the output.

Thank you

Best regards,

-lgupta



If you feel the above steps helped to resolve the issue, mark the reply as solved so that other customers can find it easily while searching for similar scenarios.
networm
New Contributor II

AV Engine
---------
Version: 7.00021 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Thu Oct 26 23:29:00 2023
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

Virus Definitions
---------
Version: 92.02044 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using notify update on Fri Mar 1 19:44:19 2024
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

Extended set
---------
Version: 92.02044 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using notify update on Fri Mar 1 19:44:19 2024
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

Extreme set
---------
Version: 1.00000 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Mon Apr 9 18:07:00 2018
Last Update Attempt: n/a
Result: Updates Installed

Mobile Malware Definitions
---------
Version: 92.02044 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using notify update on Fri Mar 1 19:44:19 2024
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

IPS Attack Engine
---------
Version: 7.00524 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Mon Nov 27 18:30:00 2023
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

Attack Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

Attack Extended Definitions
---------
Version: 27.00741 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Thu Feb 29 22:11:02 2024
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

Application Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Tue Nov 29 2016
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: Unauthorized

OT Threat Definitions
---------
Version: 26.00740 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Thu Feb 29 22:11:02 2024
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

FMWP Definitions
---------
Version: 0.00000
Contract Expiry Date: Tue Nov 29 2016
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

IPS Malicious URL Database
---------
Version: 1.00001 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Thu Jan 1 01:01:00 2015
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: Unauthorized

IoT Detect Definitions
---------
Version: 27.00741 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Thu Feb 29 22:11:02 2024
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

OT Detect Definitions
---------
Version: 27.00741 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Thu Feb 29 22:11:02 2024
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

OT Patch Definitions
---------
Version: 26.00740 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Thu Feb 29 22:11:02 2024
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

Flow-based Virus Definitions
---------
Version: 92.02044 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using notify update on Fri Mar 1 19:44:19 2024
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

Botnet Domain Database
---------
Version: 3.00672 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using notify update on Fri Mar 1 18:00:01 2024
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

Proxy Attack Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

Proxy Attack Extended Definitions
---------
Version: 27.00741 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Thu Feb 29 22:11:02 2024
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

Proxy Application Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Tue Nov 29 2016
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: Unauthorized

Internet-service Full Database
---------
Version: 0.00000
Contract Expiry Date: n/a
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

Device and OS Identifications
---------
Version: 1.00163
Contract Expiry Date: Tue Nov 29 2016
Last Updated using scheduled update on Thu Feb 29 23:50:18 2024
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

URL Allow list
---------
Version: 0.00000
Contract Expiry Date: Tue Nov 29 2016
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

DLP Signatures
---------
Version: 0.00000
Contract Expiry Date: n/a
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

IP Geography DB
---------
Version: 3.00172
Contract Expiry Date: n/a
Last Updated using manual update on Thu Apr 13 04:23:00 2023
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

Certificate Bundle
---------
Version: 1.00048
Contract Expiry Date: n/a
Last Updated using manual update on Tue Dec 12 15:00:00 2023
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

Malicious Certificate DB
---------
Version: 1.00469
Contract Expiry Date: Mon Apr 1 2024
Last Updated using manual update on Thu Feb 29 21:22:57 2024
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

Mac Address Database
---------
Version: 1.00143
Contract Expiry Date: Tue Nov 29 2016
Last Updated using manual update on Tue Dec 6 09:00:00 2022
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

AntiPhish Pattern DB
---------
Version: 0.00000
Contract Expiry Date: Tue Nov 29 2016
Last Updated using manual update on Tue Nov 30 00:00:00 1999
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

AI/Machine Learning Malware Detection Model
---------
Version: 2.14969 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using notify update on Fri Mar 1 19:58:15 2024
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: No Updates

ICDB Database
---------
Version: 0.00000
Contract Expiry Date: Tue Nov 29 2016
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

Inline CASB Database
---------
Version: 1.00004
Contract Expiry Date: Tue Nov 29 2016
Last Updated using manual update on Tue Dec 5 02:18:00 2023
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

Modem List
---------
Version: 0.000

Security Rating Data Package
---------
Version: 5.00031
Contract Expiry Date: Tue Nov 29 2016
Last Updated using manual update on Thu Feb 29 21:22:57 2024
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure

FDS Address
---------

 

sahmed_FTNT
Staff

Kindly verify the licenses are updated and FortiGuard servers are reachable.

Security all we want
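
The two checks asked for above (license entitlement and FortiGuard reachability) can be read straight from pasted `diag autoupdate versions` output; the following is an added example, not part of the original thread or Fortinet tooling. It assumes the block layout shown in the earlier post; `triage`, the flag strings and the sample are constructed for illustration.

```python
import re
from datetime import datetime

SAMPLE = """\
Application Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Tue Nov 29 2016
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: Fri Mar 1 20:23:53 2024
Result: Unauthorized

Botnet Domain Database
---------
Version: 3.00672 signed
Contract Expiry Date: Mon Apr 1 2024
Last Updated using notify update on Fri Mar 1 18:00:01 2024
Last Update Attempt: Sat Mar 11 00:17:27 2023
Result: Connectivity failure
"""  # constructed sample: two blocks shaped like the output posted above
FULL, DATE = "%a %b %d %H:%M:%S %Y", "%a %b %d %Y"

def _ts(text, fmt):
    try:  # collapse padding ("Mar  1"); "n/a" or a missing field gives None
        return datetime.strptime(" ".join((text or "").split()), fmt)
    except ValueError:
        return None

def triage(output):
    """Return {component: [flags]} for blocks that need attention."""
    report = {}
    for block in re.split(r"\n\s*\n", output.strip()):
        get = lambda pat: (re.search(pat, block) or [None, None])[1]
        result = (get(r"Result: (.+)") or "").strip()
        expiry = _ts(get(r"Contract Expiry Date: (.+)"), DATE)
        updated = _ts(get(r"Last Updated using .+? on (.+)"), FULL)
        attempt = _ts(get(r"Last Update Attempt: (.+)"), FULL)
        flags = []
        if result in ("Unauthorized", "Connectivity failure"):
            flags.append(result.lower())  # entitlement vs. reachability
        if expiry and attempt and expiry < attempt:
            flags.append("contract expired before last attempt")
        if updated and attempt and attempt < updated:
            flags.append("last attempt predates last update")
        if flags:
            report[block.splitlines()[0].strip()] = flags
    return report

if __name__ == "__main__": print(triage(SAMPLE))
```

A "last attempt predates last update" flag means the two timestamps in a block disagree, which is a reason to compare the device clock against a trusted time source before reading anything else into the results.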
AEK
SuperUser

Hi

Which FortiGate model and FortiOS version?

Is it ATP or UTP license?

Is the license still valid?

Please run the below and share the output:

diag debug application update -1 
diag debug enable
exec update-now
AEK
networm
New Contributor II

Hi,

FortiGate 3700D, latest version.

Yes, license valid until 01/04/2024

 

[56] __ntfd_peer_vfy: Server certificate failed verification. Error: 9 (certificate is not yet valid), depth: 0, subject: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FDS/CN=fds1.fortinet.com/emailAddress=support@fortinet.com.
[56] __ntfd_peer_vfy: Server certificate failed verification. Error: 9 (certificate is not yet valid), depth: 0, subject: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FDS/CN=fds1.fortinet.com/emailAddress=support@fortinet.com.
[56] __ntfd_peer_vfy: Server certificate failed verification. Error: 9 (certificate is not yet valid), depth: 0, subject: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FDS/CN=fds1.fortinet.com/emailAddress=support@fortinet.com.

Raghu_Kumar
Staff

Hello,

Please update the output of the following:

di de rating
show system fortiguard

Recommended system fortiguard setting:

config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 8888
    set sdns-server-ip 208.91.112.220
end

After a few minutes:

diag debug application update -1
diag debug enable
exec update-now

After a few minutes, see if the signatures are updated.

If not, then try a manual update as follows:

This article describes how to update the 'IPS Malicious URL Database' manually.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-update-the-IPS-Malicious-URL-Databa....

 

Regards,

 

Raghuram Kumar
networm
New Contributor II

do_update[665]-Starting now UPDATE (final try)
__update_upd_comp_by_settings[480]-Disabling FLEN components.
__update_upd_comp_by_settings[484]-Disabling NIDSDB/ISDB/MUDB components.
__update_upd_comp_by_settings[488]-Disabling APPDB/IOTDB/OTDB components.
__update_upd_comp_by_settings[492]-Disabling AVEN components.
__update_upd_comp_by_settings[496]-Disabling AVDB/FLDB/MMDB components.
upd_fds_load_default_server6[1046]-Resolve and add fds update.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 12.34.97.16:443
[116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[497] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[517] ssl_ctx_use_builtin_store: Enable CRL checking.
[524] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[828] ssl_ctx_create_new: SSL CTX is created
[855] ssl_new: SSL object is created
[191] ssl_add_ftgd_hostname_check: Add hostname checking 'update.fortiguard.net'...
__upd_peer_vfy[334]-Server certificate OK.
[362] __ssl_crl_verify_cb: Cert error 9, certificate is not yet valid. Depth 0
__upd_peer_vfy[329]-Server certificate failed verification. Error: 9 (certificate is not yet valid), depth: 0, subject: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FDS/CN=fds1.fortinet.com/emailAddress=support@fortinet.com.
[1063] ssl_connect: SSL_connect failes: error:0A000086:SSL routines::certificate verify failed
ssl_connect_fds[393]-Failed SSL connecting (5,0,Success)
[207] __ssl_data_ctx_free: Done
[1108] ssl_free: Done
[199] __ssl_cert_ctx_free: Done
[1118] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
[116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[497] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[517] ssl_ctx_use_builtin_store: Enable CRL checking.
[524] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[828] ssl_ctx_create_new: SSL CTX is created
[855] ssl_new: SSL object is created
[191] ssl_add_ftgd_hostname_check: Add hostname checking 'update.fortiguard.net'...
__upd_peer_vfy[334]-Server certificate OK.
[362] __ssl_crl_verify_cb: Cert error 9, certificate is not yet valid. Depth 0
__upd_peer_vfy[329]-Server certificate failed verification. Error: 9 (certificate is not yet valid), depth: 0, subject: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FDS/CN=fds1.fortinet.com/emailAddress=support@fortinet.com.
[1063] ssl_connect: SSL_connect failes: error:0A000086:SSL routines::certificate verify failed
ssl_connect_fds[393]-Failed SSL connecting (5,0,Success)
[207] __ssl_data_ctx_free: Done
[1108] ssl_free: Done
[199] __ssl_cert_ctx_free: Done
[1118] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_comm_connect_fds[459]-Trying FDS 173.243.138.71:443
[116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[497] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[517] ssl_ctx_use_builtin_store: Enable CRL checking.
[524] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[828] ssl_ctx_create_new: SSL CTX is created
[855] ssl_new: SSL object is created
[191] ssl_add_ftgd_hostname_check: Add hostname checking 'update.fortiguard.net'...
__upd_peer_vfy[334]-Server certificate OK.
[362] __ssl_crl_verify_cb: Cert error 9, certificate is not yet valid. Depth 0
__upd_peer_vfy[329]-Server certificate failed verification. Error: 9 (certificate is not yet valid), depth: 0, subject: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FDS/CN=fds1.fortinet.com/emailAddress=support@fortinet.com.
[1063] ssl_connect: SSL_connect failes: error:0A000086:SSL routines::certificate verify failed
ssl_connect_fds[393]-Failed SSL connecting (5,0,Success)
[207] __ssl_data_ctx_free: Done
[1108] ssl_free: Done
[199] __ssl_cert_ctx_free: Done
[1118] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
do_update[675]-UPDATE failed
[56] __ntfd_peer_vfy: Server certificate failed verification. Error: 9 (certificate is not yet valid), depth: 0, subject: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FDS/CN=fds1.fortinet.com/emailAddress=support@fortinet.com.
[56] __ntfd_peer_vfy: Server certificate failed verification. Error: 9 (certificate is not yet valid), depth: 0, subject: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FDS/CN=fds1.fortinet.com/emailAddress=support@fortinet.com.

AEK
SuperUser

Is there a proxy between FortiGate and Internet?

Also check if FGT system time is synchronized.

AEK
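
The two causes raised above, an intercepting proxy and an unsynchronized clock, surface as different certificate verify codes in the update debug log; this added example (not part of the original thread) groups the failures by code so the first check is obvious. The numeric codes are OpenSSL's X509_V_ERR_* values; the hint text, `triage_tls` and the sample with its placeholder address are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample, shaped like the `diag debug application update -1` output
# posted above; the FDS address is a documentation-range placeholder.
SAMPLE = """\
upd_comm_connect_fds[459]-Trying FDS 192.0.2.10:443
[191] ssl_add_ftgd_hostname_check: Add hostname checking 'update.fortiguard.net'...
[362] __ssl_crl_verify_cb: Cert error 9, certificate is not yet valid. Depth 0
__upd_peer_vfy[329]-Server certificate failed verification. Error: 9 (certificate is not yet valid), depth: 0, subject: /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FDS/CN=fds1.fortinet.com/emailAddress=support@fortinet.com.
upd_comm_connect_fds[478]-Failed SSL connect
do_update[675]-UPDATE failed
"""

# OpenSSL verify code -> what to check first (hints are this example's assumption).
HINTS = {
    9: "clock: local time is before the certificate's notBefore; check NTP/system time",
    10: "clock or expiry: local time is after notAfter; check time, then the certificate",
    18: "path: self-signed leaf; check for TLS interception between device and FDS",
    19: "path: self-signed certificate in chain; check for an intercepting proxy",
    20: "path: issuer not in trust store; check for an intercepting proxy",
}

VFY = re.compile(r"failed verification\. Error: (\d+) \([^)]*\), depth: (\d+), subject: (\S+)")
TRY = re.compile(r"Trying FDS (\S+)")

def triage_tls(log):
    """Group verify failures by (server, code, depth, CN) and attach a hint."""
    server, seen = None, Counter()
    for line in log.splitlines():
        if m := TRY.search(line):
            server = m[1]  # failures that follow belong to this FDS attempt
        elif m := VFY.search(line):
            cn = re.search(r"/CN=([^/]+)", m[3])
            seen[(server, int(m[1]), int(m[2]), cn[1] if cn else None)] += 1
    return [
        {"server": s, "code": c, "depth": d, "cn": cn, "count": n,
         "hint": HINTS.get(c, "unlisted code: see the OpenSSL verify documentation")}
        for (s, c, d, cn), n in seen.items()
    ]

if __name__ == "__main__":
    for row in triage_tls(SAMPLE):
        print(row)
```

The same code 9 at depth 0 against every server points at the local clock rather than at any one server, whereas codes 18 to 20 would point at the certificate path.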
networm
New Contributor II

It is in the NAT.

All databases are updating successfully but they are not updating.

 

Latest LOG:


upd_status_extract_alci_info[1391]-Finished reading account contracts

installUpdObjRest[1062]-Step 9:Delete backup /tmp/update.backup
installUpdObjRest[1101]-Step 10:Tell parent to respawn
upd_install_pkg[1435]-AVEN028 is up-to-date
upd_install_pkg[1435]-AVDB002 is up-to-date
upd_install_pkg[1435]-AVDB007 is up-to-date
upd_install_pkg[1435]-AVDB004 is up-to-date
upd_install_pkg[1435]-AVDB019 is up-to-date
upd_install_pkg[1461]-FCNI000(fcni) installed successfully
upd_install_pkg[1461]-FDNI000(fdslist) installed successfully
upd_install_pkg[1461]-FSCI000(contract) installed successfully
upd_install_pkg[1435]-FLEN076 is up-to-date
upd_install_pkg[1435]-FLDB002 is up-to-date
upd_install_pkg[1435]-NIDS026 is up-to-date
upd_install_pkg[1435]-NIDS056 is up-to-date
upd_install_pkg[1441]-MUDB001 is unauthorized
upd_install_pkg[1441]-APDB001 is unauthorized
upd_install_pkg[1441]-APDB051 is unauthorized
upd_install_pkg[1441]-FMWP001 is unauthorized
upd_install_pkg[1435]-ISDB001 is up-to-date
upd_install_pkg[1435]-IOTD001 is up-to-date
upd_install_pkg[1435]-OTDB001 is up-to-date
upd_install_pkg[1435]-OTDB002 is up-to-date
upd_install_pkg[1441]-CIDB001 is unauthorized
upd_install_pkg[1441]-IPGO000 is unauthorized
upd_install_pkg[1441]-FFDB020 is unauthorized
upd_install_pkg[1441]-UWDB001 is unauthorized
upd_install_pkg[1441]-DLDB000 is unauthorized
upd_install_pkg[1435]-CRDB000 is up-to-date
upd_install_pkg[1435]-MMDB001 is up-to-date
upd_install_pkg[1435]-DBDB001 is up-to-date
upd_install_pkg[1435]-SFAS000 is up-to-date
upd_install_pkg[1435]-MCDB001 is up-to-date
upd_install_pkg[1461]-ALCI000(alci) installed successfully
upd_install_pkg[1441]-MADB002 is unauthorized
upd_install_pkg[1441]-AFDB001 is unauthorized
upd_install_pkg[1441]-ICDB001 is unauthorized
upd_install_pkg[1441]-CASB002 is unauthorized
upd_status_save_status[135]-try to save on status file
upd_status_save_status[201]-Wrote status file
__upd_act_update[319]-Package installed successfully
upd_comm_disconnect_fds[500]-Disconnecting FDS 149.5.232.66:443
[207] __ssl_data_ctx_free: Done
[1108] ssl_free: Done
[199] __ssl_cert_ctx_free: Done
[1118] ssl_ctx_free: Done
[1099] ssl_disconnect: Shutdown
do_update[696]-UPDATE successful

 
