App package needs update for Fortinet

Vendor

Fortinet

Description

Indeni will alert when an app package has not been updated.

Remediation Steps

Renew any app packages that need to be updated.

1. Log in via SSH to the Fortinet firewall and execute the FortiOS "get system fortiguard-service status" command to list the current update package versions and the license expiry date and status.

2. Log in via SSH to the Fortinet firewall and execute the FortiOS "diag autoupdate versions" and "diag autoupdate status" commands to get more details about the update policy and the last update of the UTM services.

3. Log in via HTTPS to the Fortinet firewall and go to the menu System > Dashboard > Status to locate the License Information widget. All subscribed services should have a green checkmark, indicating that connections are successful. A gray X indicates that the FortiGate unit cannot connect to the FortiGuard network, or that the FortiGate unit is not registered. A red X indicates that the FortiGate unit was able to connect but that a subscription has expired or has not been activated.

4. Verify that the FortiGate has internet access, then log in via HTTPS to the Fortinet firewall and view the FortiGuard connection status under the System > Config > FortiGuard menu. Select "Update Now" under AV & IPS Download Options to force a sync. If the update problem affects Web Filtering and Email Filtering, expand "Web Filtering and Email Filtering Options", change Port Selection to use an Alternate Port (8888) and press "Test Availability". Wait a few minutes and verify the license health status.

5. If the registration does not appear after changing to the Alternate Port mentioned in the previous step, try pinging the FortiGuard services URL using the command "exec ping service.fortiguard.net". If the name resolves to an IP address, run the following commands:

- diag debug app update -1

- diag debug en

- exec update-now

If the name does not resolve to an IP address, this is a DNS issue.

Note: Disable the debug when you are finished.

6. If you are using multiple VDOMs on the FortiGate, make sure that an Internet-facing VDOM is set as the management VDOM.

7. For more information about licensing, see the online article "Setting up FortiGuard services": http://cookbook.fortinet.com/setting-fortiguard-services-54/

8. Contact Fortinet Technical Support at https://support.fortinet.com/ for further assistance.

How does this work?

This script logs into the FortiGate using SSH and retrieves the FortiGuard definition or last update information from the output of the FortiOS command "get system fortiguard-service status". This command shows detailed information about the installed versions, expiration date and last update of the installed FortiGuard licenses, such as AV, IPS and Application Control.
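
The following is an added example, not Indeni's source code, showing one way to turn that command output into an alert decision. The sample output, its column layout (NAME, VERSION, LAST UPDATE, METHOD, EXPIRE) and the 30-day `max_age` threshold are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample output. The column layout (NAME, VERSION, LAST UPDATE,
# METHOD, EXPIRE) is an assumption for illustration, not taken from the page.
SAMPLE = """\
NAME                VERSION LAST UPDATE          METHOD    EXPIRE
AV Engine           5.239   2024-05-28 10:24:00  manual    2025-01-14 00:00:00
Virus Definitions   46.681  2024-05-31 13:55:00  scheduled 2025-01-14 00:00:00
Attack Definitions  6.741   2024-03-02 01:10:00  scheduled 2024-04-30 00:00:00
IPS Attack Engine   3.410   2024-04-01 09:00:00  manual    2025-01-14 00:00:00
"""

FMT = "%Y-%m-%d %H:%M:%S"
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
ROW = re.compile(
    rf"^(?P<name>.+?)\s+(?P<version>\d+\.\d+)\s+(?P<updated>{TS})"
    rf"\s+(?P<method>\S+)\s+(?P<expire>{TS})\s*$"
)

def parse_status(text):
    """Return one dict per package row; header and unrecognised lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["updated"] = datetime.strptime(row["updated"], FMT)
            row["expire"] = datetime.strptime(row["expire"], FMT)
            rows.append(row)
    return rows

def find_problems(rows, now, max_age=timedelta(days=30)):
    """Flag expired licenses first, then packages older than max_age.

    max_age is a hypothetical threshold; the page does not state one.
    """
    problems = []
    for row in rows:
        if row["expire"] <= now:
            problems.append((row["name"], "license expired"))
        elif now - row["updated"] > max_age:
            problems.append((row["name"], "package not updated"))
    return problems

if __name__ == "__main__":
    for name, reason in find_problems(parse_status(SAMPLE), datetime(2024, 6, 3)):
        print(f"{name}: {reason}")
```

Checking expiry before age separates a lapsed subscription from a connectivity or DNS problem, which are handled by different remediation steps above.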

Why is this important?

This script logs into the FortiGate using SSH and retrieves the FortiGuard definition or last update information from the output of the FortiOS command "get system fortiguard-service status". This command shows detailed information about the installed versions, expiration date and last update of the installed FortiGuard licenses, such as AV, IPS and Application Control.

Without Indeni how would you find this?

An administrator would need to log into the Fortinet firewall and manually check the expiration and last update of each FortiGuard license. A log message can notify the administrator about the license expiration date. This information can also be provided via the FortiManager and the FortiAnalyzer.

