dbabic
Staff
Article Id 197371

Description


This article describes how to change the IPS Database on a FortiGate unit.

Currently, it is possible to change between the regular and extended IPS database.

The regular database protects against the latest common attacks, whereas the extended database covers both the latest and the legacy attacks.
Some models use the extended IPS database by default, depending on the unit's capacity. Because the extended database may affect the performance of the FortiGate unit, the extended database package may not be enabled by default on some models.

Scope

 

Any currently supported version of FortiGate.

Solution


The database can be changed from the CLI as shown below.

To use the extended database:

 

# config ips global
    set database extended
end


To use the regular database:

 

# config ips global
    set database regular
end

 

Note: Only one database can be in use at a time. For example, if the regular database is in use, the extended database will not receive automatic updates from FortiGuard.

 

The following output is expected when the regular database is used:

 

# get system status
Version: FortiGate-100F v7.0.9,build0444,221121 (GA.M)
Firmware Signature: certified
Virus-DB: 90.08760(2022-12-15 12:20)
Extended DB: 90.08760(2022-12-15 12:19)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 22.00464(2022-12-27 17:53) <---------------------
IPS-ETDB: 0.00000(2001-01-01 00:00) <--------------------
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)

...

# diagnose autoupdate version | grep "Attack " -A 6
IPS Attack Engine
---------
Version: 7.00142
Contract Expiry Date: Sun Jul 9 2023
Last Updated using manual update on Fri Sep 23 22:56:00 2022
Last Update Attempt: Tue Dec 27 22:14:55 2022
Result: No Updates
--
Attack Definitions
---------
Version: 22.00464
Contract Expiry Date: Sun Jul 9 2023
Last Updated using scheduled update on Tue Dec 27 20:58:42 2022
Last Update Attempt: Tue Dec 27 22:14:55 2022
Result: No Updates
--
Attack Extended Definitions
---------
Version: 0.00000
Contract Expiry Date: Sun Jul 9 2023
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Last Update Attempt: Tue Dec 27 11:47:20 2022
Result: Connectivity failure
--
Industrial Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: n/a
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: Tue Dec 27 22:14:55 2022
Result: Unauthorized

 

[Figure: GUI - IPS Attack Definitions]
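The check above can be automated when auditing several units. The following Python script is an added example, not part of the original article or any Fortinet tool: it parses saved `diagnose autoupdate version` output and reports whether the package behind the configured database has been downloaded and is updating. The function names, the trimmed sample and the reading of version 0.00000 as "not downloaded" are assumptions.

```python
import re
# Constructed sample, trimmed from the `diagnose autoupdate version` output above.
SAMPLE = """\
Attack Definitions
---------
Version: 22.00464
Last Updated using scheduled update on Tue Dec 27 20:58:42 2022
Result: No Updates
--
Attack Extended Definitions
---------
Version: 0.00000
Last Updated using manual update on Mon Jan 1 00:00:00 2001
Result: Connectivity failure
"""

FIELD = re.compile(r"^(Version|Contract Expiry Date|Last Update Attempt|Result):\s*(.*)$")
UPDATED = re.compile(r"^Last Updated using (\w+) update on (.+)$")
FAILED = {"Connectivity failure", "Unauthorized"}  # failure results seen in the output above
PACKAGE = {"regular": "Attack Definitions", "extended": "Attack Extended Definitions"}

def parse_autoupdate(text):
    """Return {section title: {field: value}} for each block of the output."""
    sections, current, prev = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"-"}:
            # A long dash rule underlines a section title; "--" is grep's separator.
            current = sections.setdefault(prev, {}) if len(line) > 2 else None
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2)
        elif current is not None and (m := UPDATED.match(line)):
            current["Update Method"], current["Last Updated"] = m.groups()
        prev = line
    return sections

def audit(sections, configured):
    """List problems with the package that `set database <configured>` relies on."""
    pkg = PACKAGE[configured]
    info = sections.get(pkg)
    if info is None:
        return [f"{pkg}: section missing from output"]
    findings = []
    # Assumption: 0.00000 is the placeholder version of a package never downloaded.
    if info.get("Version") == "0.00000":
        findings.append(f"{pkg}: version 0.00000, package not downloaded")
    if info.get("Result") in FAILED:
        findings.append(f"{pkg}: last update attempt failed ({info['Result']})")
    return findings
```

Run against the sample, `audit(parse_autoupdate(SAMPLE), "regular")` returns no findings, while passing `"extended"` returns two, which matches a unit where `set database regular` is in effect.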