FortiGate
Article Id 191094


Description

This article describes how to diagnose antivirus engine and antivirus definition update issues.

If the antivirus engine or antivirus definition version shows '0.00', contact the local Fortinet Support site.

Fortinet Products: All FortiGates.

Steps

Before contacting Technical Support, verify the following settings:

 

- A valid DNS server has been configured for the FortiGate unit. Try the CLI command exec ping service.fortiguard.net. 

The FortiGate should be able to resolve the DNS name to an IP.

Note that a host behind the FortiGate being able to resolve the DNS name does not necessarily mean that the FortiGate can, since the two can be configured with different DNS servers.

- The FortiGate unit has a valid default gateway set.

Try pinging a public Internet address to test the default gateway.

 

Try the following connectivity tests:

1) Log in to the FortiGate CLI using a console cable or Telnet/SSH session.

2) Verify that the FortiGate unit can contact the secondary Fortinet Distribution Network (FDN) server by pinging the server from the command line interface (CLI). Enter exec ping fds1.Fortinet.com.

If the secondary server does not respond to the ping, confirm routing and DNS settings as described above.

 

3) If the secondary server responds to the ping, the specific update traffic may be blocked in the network.

In Transparent mode, the Management IP should be mapped to a routable IP.


4) The IP must be reachable from the Internet. Set up a traffic analyzer on the management LAN segment and capture the traffic on this network during an attempted update.

 

Look for the following protocols which the FortiGate unit uses to connect to the FDN:

 

- TCP/443 is used for the SSL connection to retrieve the updates.
- UDP/9443 is for receiving PUSH announcements.
 

5) The FortiGate has a diagnose command to monitor the traffic on an interface. Enter:


# diag sniff packet any 'port 9443'


Enter get sys time from the CLI to make sure that the certificates are not being invalidated by an incorrect system time.

Enter get sys auto from the CLI. If the last update status is Unauthorized, the coverage may have expired.
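The capture from step 4 can be triaged offline to tell blocked update traffic apart from a unit that never attempts the connection. The following Python script is an added example, not Fortinet code; it assumes the capture was exported as tcpdump -nn text, and the addresses, sample lines and the analyze function are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed tcpdump -nn text output using documentation address ranges.
# 192.0.2.10 stands in for the FortiGate management IP (assumption).
SAMPLE = """\
12:00:01.000001 IP 192.0.2.10.51514 > 203.0.113.5.443: Flags [S], seq 100, win 64240, length 0
12:00:02.000001 IP 192.0.2.10.51514 > 203.0.113.5.443: Flags [S], seq 100, win 64240, length 0
12:00:04.000001 IP 192.0.2.10.51514 > 203.0.113.5.443: Flags [S], seq 100, win 64240, length 0
12:00:09.000001 IP 192.0.2.10.51600 > 198.51.100.7.443: Flags [S], seq 500, win 64240, length 0
12:00:09.020001 IP 198.51.100.7.443 > 192.0.2.10.51600: Flags [S.], seq 900, ack 501, win 65535, length 0
12:00:09.020101 IP 192.0.2.10.51600 > 198.51.100.7.443: Flags [.], ack 1, win 64240, length 0
12:00:30.000001 IP 198.51.100.7.9443 > 192.0.2.10.9443: UDP, length 64
"""

# timestamp, "IP", src.port > dst.port:, then either TCP flags or the UDP marker
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"(?:Flags \[([^\]]+)\]|(UDP))")

def analyze(capture, mgmt_ip):
    """Summarise TCP/443 handshakes from mgmt_ip and UDP/9443 packets sent to it."""
    syn = defaultdict(int)   # (server, client port) -> SYNs seen, incl. retransmits
    answered = set()         # (server, client port) pairs that got a SYN-ACK
    push = 0                 # UDP/9443 packets addressed to the unit
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, sport, dst, dport, flags, udp = m.groups()
        if udp and dst == mgmt_ip and dport == "9443":
            push += 1
        elif flags == "S" and src == mgmt_ip and dport == "443":
            syn[(dst, sport)] += 1
        elif flags == "S." and dst == mgmt_ip and sport == "443":
            answered.add((src, dport))
    return {
        "attempts": len(syn),
        "retransmitted_syns": sum(n - 1 for n in syn.values()),
        "unanswered": sorted({s for (s, p) in syn if (s, p) not in answered}),
        "answered": sorted({s for (s, p) in syn if (s, p) in answered}),
        "push_packets": push,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE, "192.0.2.10"))
```

Zero attempts points back to the DNS and gateway checks, while SYNs that are retransmitted and never answered indicate that TCP/443 is being dropped somewhere between the unit and the FDN.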


Contacting Fortinet Technical Support.


Prepare the following diagnostic information before contacting technical support.

 

1) Log in to the FortiGate CLI using a console cable or Telnet/SSH session.


2) Enter:


# dia debug enable

# dia debug app up 3

 

3) From the web-based manager, select Update Now on the system update page.


4) Capture the output of the console session to a file and send it along with the ticket number to the appropriate support department. 

 
