FDS-only ISDB package in firmware images
FortiOS firmware images include Fortinet objects in the built-in Internet Service Database (ISDB).
# diagnose firewall internet-service list
List internet service in kernel(global):
Internet Service Database Kernel Table: size 14974 bytes, Entry size 5844 bytes, number of index entries 165 number of IP range entries 0
Group(0): Weight(15), number of entries(162)
......
This lightweight ISDB package ensures that firewall rules and policy routes that rely on ISDB entries to reach FortiGuard servers continue to work after a FortiOS upgrade. For example, the following policy will work after an upgrade:
config firewall policy
    edit 440
        set name "Fortinet Updates"
        set srcintf "port25"
        set dstintf "port1"
        set srcaddr "FortiAnalyzer" "FortiAuthenticator" "Tesla Management Interface" "BackupFortinet" "SipFW" "ConnectVPNMgmt"
        set internet-service enable
        set internet-service-id 1245187 1245326 1245324 1245325 1245193 1245192 1245190 1245185
        set action accept
        set schedule "always"
        set logtraffic all
        set fsso disable
    next
end
When the FortiGate reboots following a firmware update, an automatic update runs in five minutes so that the FortiGate can get the ISDB, regardless of whether scheduled updates are enabled.
# diagnose autoupdate versions | grep Internet -A 6
Internet-service Full Database
---------
Version: 7.02217 signed
Contract Expiry Date: n/a
Last Updated using manual update on Thu Mar 10 12:06:58 2022
Last Update Attempt: Thu Mar 10 12:07:27 2022
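As an added example (not part of the Fortinet documentation), the following Python script parses the diagnose autoupdate versions output shown above and checks that a signed ISDB package was installed at or after a given reboot time. The function names and the reboot timestamp are assumptions made for illustration; the sample text is the output from this page.

```python
import re
from datetime import datetime

# Output copied from the command shown above on this page.
SAMPLE = """\
Internet-service Full Database
---------
Version: 7.02217 signed
Contract Expiry Date: n/a
Last Updated using manual update on Thu Mar 10 12:06:58 2022
Last Update Attempt: Thu Mar 10 12:07:27 2022
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. Thu Mar 10 12:06:58 2022


def parse_isdb_status(output):
    """Parse the Internet-service section; return a dict, or None if absent."""
    lines = [line.strip() for line in output.splitlines()]
    start = next((i for i, line in enumerate(lines)
                  if line.startswith("Internet-service")), None)
    if start is None:
        return None
    status = {"name": lines[start], "version": None, "signed": False,
              "method": None, "last_updated": None, "last_attempt": None}
    for line in lines[start + 1:start + 7]:  # same window as `grep -A 6`
        if not line:
            break  # a blank line ends the section
        if m := re.match(r"Version:\s+(\S+)(\s+signed)?", line):
            status["version"], status["signed"] = m[1], bool(m[2])
        elif m := re.match(r"Last Updated using (.+?) on (.+)", line):
            status["method"] = m[1]
            status["last_updated"] = datetime.strptime(m[2], TS_FORMAT)
        elif m := re.match(r"Last Update Attempt:\s+(.+)", line):
            status["last_attempt"] = datetime.strptime(m[1], TS_FORMAT)
    return status


def isdb_updated_since(output, reboot_time):
    """True only if a signed ISDB package was installed at or after reboot_time.

    reboot_time must be in the same (device-local) time zone as the output.
    """
    status = parse_isdb_status(output)
    if not status or not status["signed"] or not status["last_updated"]:
        return False
    return status["last_updated"] >= reboot_time


if __name__ == "__main__":
    reboot = datetime(2022, 3, 10, 12, 0, 0)  # constructed reboot time
    print(parse_isdb_status(SAMPLE))
    print("ISDB updated since reboot:", isdb_updated_since(SAMPLE, reboot))
```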