FortiGate
shahv
Staff
Article Id 194513

Description


This article describes how to manually upgrade the IPS Engine on a FortiGate.

The IPS Engine can be upgraded manually as follows:

Log in to the FortiGate GUI and go to System -> FortiGuard -> Intrusion and Database -> Upload.

Solution


Log in to the Customer Service & Support web portal:

https://login.forticloud.com/

On the main dashboard, select Support -> Service Updates:

 



 

Select the OS version and download the 'Attack definition' file:

 


 

 

Note:

Support Engineers would provide an IPS package if the IPS Engine upgrade is due to IPS process crashes.

 

Collect the IPS engine process ID and uptime values with the following CLI command:
 
diagnose test application ipsmonitor 1
 



Log in to the FortiGate GUI and go to System -> FortiGuard -> IPS & Application Control -> Upgrade Database -> Upload.

 

 
 

Note:

The version information can be seen in the GUI. Version 4.00035 is used in the above example.


In the CLI:
 
diag autoupdate versions | grep "IPS Attack" -A 6
 
FGT800D-1 # diagnose autoupdate versions | grep "IPS Attack" -A 6
IPS Attack Engine
---------
Version: 4.00035
Contract Expiry Date: Fri Jan 10 2020
Last Updated using manual update on Wed Aug 28 13:07:23 2019
Last Update Attempt: Wed Aug 28 10:34:13 2019
Result: No Updates
 
diag autoupdate versions | grep "IPS Attack" -A 6

IPS Attack Engine
---------
Version: 6.00036
Contract Expiry Date: Sat Jan 16 2021
Last Updated using manual update on Mon Aug 31 14:17:05 2020
Last Update Attempt: Mon Oct  5 22:49:27 2020
Result: No Update
 
Browse to the pkg file and select 'OK'. The process will take 1 to 2 minutes maximum.
After upgrading the IPS Engine, verify the engines are restarted with the following CLI command:
 
diagnose test application ipsmonitor 1
 
Check that the engine uptime has reset and the process IDs have changed.
 
 
Manually restart the IPS engines with the following command if necessary:
 
diag test app ipsmonitor 99
 
Note:
Upgrading the IPS engine will terminate all TCP sessions.
 
If an IPS engine is loaded to the FortiGate HA cluster, the HA primary unit will push the IPS engine to the HA secondary unit.
All FortiOS images come with built-in IPS engines. If the FortiOS firmware is upgraded and the target build has the same version of the IPS engine as the current FortiOS build, it is necessary to reload the IPS engine after the firmware upgrade.
 
In this example, the IPS engine was upgraded to 4.00203. The change can now be verified in the GUI.
 
Note: It is possible to get the IPS Engine from a TAC Support Engineer. 
Note: If the device has an evaluation license or no valid license, updating the database is not allowed.
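
The version check from the CLI step can be scripted. The following is an added example (not Fortinet's code) that parses saved output of 'diagnose autoupdate versions' taken before and after the upload and lists anything suggesting the new engine was not applied. The function names and the AFTER capture are assumptions constructed for illustration; BEFORE is the output shown in this article.

```python
import re
from datetime import datetime

# BEFORE is the capture shown in the article; AFTER is constructed for this example.
BEFORE = """FGT800D-1 # diagnose autoupdate versions | grep "IPS Attack" -A 6
IPS Attack Engine
---------
Version: 4.00035
Contract Expiry Date: Fri Jan 10 2020
Last Updated using manual update on Wed Aug 28 13:07:23 2019
Last Update Attempt: Wed Aug 28 10:34:13 2019
Result: No Updates
"""
AFTER = BEFORE.replace("4.00035", "4.00203").replace(
    "manual update on Wed Aug 28 13:07:23", "manual update on Thu Aug 29 09:15:02")

def parse_ips_engine(capture):
    """Return the fields of the 'IPS Attack Engine' block in saved CLI output."""
    lines = [l.strip() for l in capture.splitlines()]
    if "IPS Attack Engine" not in lines:
        raise ValueError("no 'IPS Attack Engine' block in capture")
    start = lines.index("IPS Attack Engine")
    info = {}
    for line in lines[start + 2:start + 7]:  # skip the dashed separator
        m = re.match(r"Last Updated using (.+?) on (.+)", line)
        if m:
            info["method"] = m.group(1)
            stamp = " ".join(m.group(2).split())  # collapse "Oct  5" padding
            info["updated"] = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        elif ":" in line:
            key, value = line.split(":", 1)
            info[key.strip()] = value.strip()
    return info

def check_upgrade(before, after, expected_version):
    """Return a list of problems; an empty list means the upgrade was applied."""
    b, a = parse_ips_engine(before), parse_ips_engine(after)
    problems = []
    if a["Version"] != expected_version:
        problems.append(f"version is {a['Version']}, expected {expected_version}")
    if a["Version"] == b["Version"]:
        problems.append("version unchanged since the pre-upgrade capture")
    if a["method"] != "manual update":
        problems.append(f"last update was a '{a['method']}', not a manual upload")
    if a["updated"] <= b["updated"]:
        problems.append("'Last Updated' timestamp did not advance")
    return problems

if __name__ == "__main__":
    print(check_upgrade(BEFORE, AFTER, "4.00203") or "IPS engine upgrade verified")
```

On an HA cluster, run the same comparison against captures from the secondary unit to confirm the primary pushed the engine.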