By Manny Fernandez

September 30, 2021

Quick-Tip – Checking your Fortigate DB versions

By default, the FortiGate will reach out to FortiGuard Labs every 2 hours.  It will upgrade the various DB automatically.  As of the writing of this article, Let’s Encrypt’s old CA cert IdentTrust DST Root CA X3​ expired and broke a bunch of sites.  Fortinet is in the process of updating and removing the bad cert.   The command to validate your DB versions is:

dia autoupdate versions

The output should look something like this

AV Engine
---------
Version: 6.00154
Contract Expiry Date: Thu Oct 20 2022
Last Updated using manual update on Fri Aug 21 16:31:00 2020
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Virus Definitions
---------
Version: 89.04700
Contract Expiry Date: Thu Oct 20 2022
Last Updated using scheduled update on Thu Sep 30 16:30:15 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: Updates Installed

Extended set
---------
Version: 89.04700
Contract Expiry Date: Thu Oct 20 2022
Last Updated using scheduled update on Thu Sep 30 16:30:15 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: Updates Installed

Extreme set
---------
Version: 1.00000
Contract Expiry Date: Thu Oct 20 2022
Last Updated using manual update on Mon Apr 9 18:07:00 2018
Last Update Attempt: Wed Jan 13 18:15:25 2021
Result: Connectivity failure

Mobile Malware Definitions
---------
Version: 89.04700
Contract Expiry Date: Thu Oct 20 2022
Last Updated using scheduled update on Thu Sep 30 16:30:15 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: Updates Installed

IPS Attack Engine
---------
Version: 6.00071
Contract Expiry Date: Thu Oct 20 2022
Last Updated using scheduled update on Tue Feb 23 19:43:27 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

IPS Config Script
---------
Version: 1.00009
Contract Expiry Date: Thu Oct 20 2022
Last Updated using manual update on Thu Jun 6 14:02:00 2019
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Thu Oct 20 2022
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: Wed Jan 13 18:15:25 2021
Result: Connectivity failure

Attack Extended Definitions
---------
Version: 18.00168
Contract Expiry Date: Thu Oct 20 2022
Last Updated using push update on Thu Sep 30 14:12:21 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Application Definitions
---------
Version: 18.00166
Contract Expiry Date: Thu Oct 20 2022
Last Updated using scheduled update on Tue Sep 28 14:30:17 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Industrial Attack Definitions
---------
Version: 18.00164
Contract Expiry Date: Fri Nov 12 2021
Last Updated using push update on Thu Sep 23 13:14:01 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

IPS Malicious URL Database
---------
Version: 3.00148
Contract Expiry Date: Thu Oct 20 2022
Last Updated using push update on Thu Sep 30 14:12:21 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Flow-based Virus Definitions
---------
Version: 89.04690
Contract Expiry Date: Thu Oct 20 2022
Last Updated using push update on Thu Sep 30 15:46:04 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Botnet Domain Database
---------
Version: 2.00844
Contract Expiry Date: Thu Oct 20 2022
Last Updated using scheduled update on Wed Sep 29 18:31:53 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Internet-service Database Apps
---------
Version: 7.01892
Contract Expiry Date: n/a
Last Updated using scheduled update on Thu Sep 30 12:30:22 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Internet-service Database Maps
---------
Version: 7.01892
Contract Expiry Date: n/a
Last Updated using scheduled update on Thu Sep 30 12:30:22 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Device and OS Identification
---------
Version: 1.00124
Contract Expiry Date: Thu Oct 20 2022
Last Updated using push update on Thu Sep 30 14:12:21 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

URL White list
---------
Version: 3.00278
Contract Expiry Date: Thu Oct 20 2022
Last Updated using scheduled update on Thu Sep 30 14:30:17 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

IP Geography DB
---------
Version: 3.00096
Contract Expiry Date: n/a
Last Updated using scheduled update on Mon Sep 27 14:30:19 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Certificate Bundle
---------
Version: 1.00027
Contract Expiry Date: n/a
Last Updated using manual update on Thu Aug 19 17:30:00 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Malicious Certificate DB
---------
Version: 1.00340
Contract Expiry Date: Thu Oct 20 2022
Last Updated using scheduled update on Mon Sep 27 18:31:21 2021
Last Update Attempt: Thu Sep 30 16:30:15 2021
Result: No Updates

Modem List
---------
Version: 0.000

FDS Address
---------
208.184.237.67:443

Recent posts

  • If you've spent any time configuring user authentication on... Full Story

  • DNS is one of those technologies that quietly underpins... Full Story

  • BGP issues on FortiGate firewalls usually trace back to... Full Story

  • Every time your laptop talks to your router, a... Full Story

  • If you've spent any time configuring NAT on a... Full Story

  • If you have spent any time configuring firewall policies... Full Story

  • High availability on FortiGate is one of those features... Full Story

  • If you've configured SD-WAN on a FortiGate, you've almost... Full Story

  • FortiLink is the management protocol that turns a FortiSwitch... Full Story

  • FortiSwitches are pretty rock solid from Mean Time Between... Full Story

  • This is a quicky tip.  Have you ever gone... Full Story

  • DNS is one of those quiet pieces of internet... Full Story

  • This article is an updated version of the previous... Full Story

  • You will add ns2 as a secondary (slave) BIND9... Full Story

  • In the process of deploying my lab, I needed... Full Story

  • RFC 8805, used to be known as Self-Correcting IP... Full Story

  • Years back, I wrote an article about certificate pinning. ... Full Story

  • FortiGates have the ability to send alerts to Microsoft... Full Story

  • In this post, I am going to walk through... Full Story

  • Troubleshooting VoIP on a FortiGate can feel like trying... Full Story

  • Prior to FortiOS 7.0, there were three commands to... Full Story

  • In this post, I am going to go over... Full Story

  • What we are going to do:  We are going... Full Story

  • Choosing between FGCP (FortiGate Clustering Protocol) and FGSP (FortiGate... Full Story

  • Creating a VLAN on macOS (The "Pro" Move) A... Full Story

  • This blog post explores the logic behind how macOS... Full Story

  • Pretty Fly for a Wi-Fi Tell My Wi-Fi Love... Full Story

  • Part of my daily gig is creating BoMs (Bill-of-Materials)... Full Story

  • ICMP introduces several security risks, but careful filtering, rate... Full Story

  • The command diag debug application dhcps -1 enables full... Full Story

  • In the world of FortiOS, execute tac report is... Full Story

  • LLDP; What is it The Link Layer Discovery Protocol... Full Story

  • What it actually does When you run diagnose fdsm... Full Story

  • Monkey Bites are bite-sized, high-impact security insights designed for... Full Story

  • I have run macOS in macOS with Parallels but... Full Story

  • Don't be confused with my other FortiNAC posts where... Full Story

  • This is the third session in a multi-part article... Full Story

  • Today I was configuring key-based authentication on a FortiGate... Full Story

  • Netcat, often called the "Swiss Army knife" of networking,... Full Story

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story

  • Overview FortiOS 8.0 introduces custom tags as a first-class... Full Story

  • These are two distinct mechanisms on FortiOS, and conflating... Full Story

  • Replacement messages are the pages and text blocks that... Full Story