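- Offline update via the web GUI
- Obtain the relevant offline signature package files. Example file names:
  - vsigupdate-OS7.0.0_92.03026.ETDB.High.pkg: antivirus database
  - vsigupdate-OS7.0.0_92.03026.MMDB.pkg: mobile malware (firmware 5.6 and later)
  - nids_OS7.0.0_27.00759.NIDS.pkg: IPS database
  - apdb_OS7.0.0_27.00759.APDB.pkg: application control signatures (merged into the IPS package on firmware 5.0-5.4)
  - ffdb_fos70_00007.03633.pkg: Internet Service Database definitions
  - IRISUpdate-OS6.0.0_4.862-fgt.pkg: botnet IP database (firmware 5.x and 6.0 only)
  - DLP-OS7.4.0_1.00043.DLDB.pkg: data loss prevention (firmware 7.4 only)
- Log in to the firewall's GUI as an administrator, go to System > FortiGuard, and expand the + next to Firmware & General Updates, Intrusion Prevention, and AntiVirus on the right.
- Click Upgrade Database next to the relevant signature database, click "Upload", select the local offline package file, and confirm.
Sometimes the following error is displayed. It is usually caused by an incomplete download, so download the file again.
- When the upgrade finishes, the page reports that it succeeded. Updating signature databases and engines does not affect normal traffic processing.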
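- Offline update via the CLI
Some firewalls cannot update the IPS or antivirus database from the GUI, for example when logged in with a FortiCloud account whose support contract has expired, as shown in the figure below. In that case the upgrade has to be done from the command line.
1. The CLI method transfers the package over TFTP or FTP. A TFTP server is used as the example here.
2. Tftpd64 (the 64-bit version of Tftpd32) is used as the example. Download: https://bitbucket.org/phjounin/tftpd64/downloads/
3. Configure Tftpd64: set Current Directory to the path that contains the signature packages, and set Server interface to the network adapter on which the TFTP service listens.
Click Show Dir to check that the current directory is the one that contains the package files.
4. In the GUI, click the CLI icon in the upper-right corner to open the command line.
The command format is as follows: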
FortiGate # exec restore
av                 av
config             Restore config.
image              image
ips                ips
ipsuserdefsig      ipsuserdefsig
other-objects      other-objects
script             script
secondary-image    secondary-image
FortiGate # exec restore av
ftp     Restore antivirus database from FTP server.
tftp    Restore antivirus database from TFTP server.
FortiGate # exec restore ips ?
ftp     Restore IPS database from FTP server.
tftp    Restore IPS database from TFTP server.
FortiGate # exec restore other-objects ?
ftp     Restore other FortiGuard packages from FTP server.
        Current support:
        Internet-service Database Apps/Maps and URL Allow List.
tftp    Restore other FortiGuard packages from TFTP server.
Example command for updating the antivirus signature database:
FortiGate # exec restore av tftp vsigupdate-OS6.2.0_91.04752.ETDB.High.pkg 192.168.3.20
This operation will overwrite the current antivirus database!
Do you want to continue? (y/n)y
Please wait...
Connect to tftp server 192.168.3.20 ...
#############
Get antivirus database from tftp server OK.
Example command for updating the IPS database:
FortiGate # execute restore ips tftp nids_OS6.2.0_24.00592.NIDS.pkg 192.168.3.20
This operation will overwrite the current IPS package!
Do you want to continue? (y/n)y
Please wait...
Connect to tftp server 192.168.3.20 ...
######
Get IPS database from tftp server OK.
Updating the Internet Service Database definitions:
FortiGate # execute restore other-objects tftp ffdb_fos62_00007.03270.pkg 192.168.3.20
This operation will overwrite the current other objects!
Do you want to continue? (y/n)y
Please wait...
Connect to tftp server 192.168.3.20 ...
###############
Get other objects from tftp server OK.
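- After the update reports success, run diagnose autoupdate versions to view the version of each component. The output shows that the last update was a manual update and that the version number matches the package file.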
FortiGate # diag autoupdate versions
Virus Definitions
---------
Version: 91.04752
Contract Expiry Date: Fri Mar 6 2020
Last Updated using manual update on Wed Jul 5 09:12:36 2023
Last Update Attempt: Wed Jul 5 12:11:12 2023
Result: Unauthorized
Attack Definitions
---------
Version: 24.00592
Contract Expiry Date: Fri Mar 6 2020
Last Updated using manual update on Wed Jul 5 11:48:46 2023
Last Update Attempt: Wed Jul 5 12:11:12 2023
Result: Unauthorized
Internet-service Database Maps
---------
Version: 7.03270
Contract Expiry Date: n/a
Last Updated using manual update on Wed Jul 5 11:53:39 2023
Last Update Attempt: Wed Jul 5 10:11:08 2023
Result: Unauthorized
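
The version check described above, scripted as an added example (not code from the original page or from Fortinet): it extracts the version from a package file name and compares it with the matching section of the diagnose autoupdate versions output. The function names and the marker-to-section mapping are assumptions inferred from the three packages shown on this page.

```python
import re

# `diagnose autoupdate versions` output from this page, trimmed to the fields used.
DIAG_OUTPUT = """\
Virus Definitions
---------
Version: 91.04752
Last Updated using manual update on Wed Jul 5 09:12:36 2023
Attack Definitions
---------
Version: 24.00592
Last Updated using manual update on Wed Jul 5 11:48:46 2023
Internet-service Database Maps
---------
Version: 7.03270
Last Updated using manual update on Wed Jul 5 11:53:39 2023
"""

# Assumption: file-name marker -> section title, inferred from this page's examples.
SECTION_FOR_MARKER = {
    ".ETDB.": "Virus Definitions",
    ".NIDS.": "Attack Definitions",
    "ffdb_": "Internet-service Database Maps",
}

def parse_versions(text):
    """Return {section title: {"version": ..., "method": ...}}."""
    sections, current, prev = {}, None, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"-"}:  # dashed rule: previous line was the title
            current = sections.setdefault(prev, {})
        elif current is not None and line.startswith("Version:"):
            current["version"] = line.split(":", 1)[1].strip()
        elif current is not None and line.startswith("Last Updated using"):
            current["method"] = line.split()[3]  # e.g. "manual"
        prev = line
    return sections

def check_package(pkg_name, diag_text):
    """Compare the version encoded in a package file name with the installed one."""
    marker = next((m for m in SECTION_FOR_MARKER if m in pkg_name), None)
    found = re.search(r"_(\d+)\.(\d+)\.", pkg_name)
    if marker is None or found is None:
        raise ValueError(f"unrecognised package name: {pkg_name}")
    # The CLI prints the major part without leading zeros (00007.03270 -> 7.03270).
    expected = f"{int(found.group(1))}.{found.group(2)}"
    sec = parse_versions(diag_text).get(SECTION_FOR_MARKER[marker], {})
    return {"expected": expected, "installed": sec.get("version"),
            "version_ok": sec.get("version") == expected,
            "manual": sec.get("method") == "manual"}
```

A result with version_ok set to False means the package named on the restore command is not the one the device reports as installed, which is the case to investigate before relying on the new signatures.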