- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Suggestion for bad AV and IPS Defs
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Suggestion for bad AV and IPS Defs
Over the years, those of us long time customers (I'm going on 13 years) have experienced the chaos that results from a bad definition or scan engine update. The end result is a scanunit crash in the crashlog:
diag debug crashlog read
44: 2017-09-28 16:23:19 <01386> firmware FortiGate-500D v5.4.5,build1138b1138,170531 (GA) (Release) 45: 2017-09-28 16:23:19 <01386> application scanunit 46: 2017-09-28 16:23:19 <01386> *** signal 11 (Segmentation fault) received *** 47: 2017-09-28 16:23:19 <01386> AVDB 05004000AVDB00201-00051.00983-1709280015 48: 2017-09-28 16:23:19 <01386> ETDB 05004000AVDB00701-00051.00983-1709280015 49: 2017-09-28 16:23:19 <01386> EXDB 05004000AVDB00401-00001.00000-1210171547 50: 2017-09-28 16:23:19 <01386> AVSO 04000000AVEN00701052471705041426 51: 2017-09-28 16:23:19 <01386> Register dump: 52: 2017-09-28 16:23:19 <01386> RAX: 0000000000000000 RBX: 00007fff7d207e20 53: 2017-09-28 16:23:19 <01386> RCX: 00000000000000f8 RDX: 0000000012f14bba 54: 2017-09-28 16:23:19 <01386> R8: 00000000000000ff R9: 0000000000000000 55: 2017-09-28 16:23:19 <01386> R10: 0000000000000002 R11: 00007fb2939a184b 56: 2017-09-28 16:23:19 <01386> R12: 0000000000000046 R13: 00000000ffffffff 57: 2017-09-28 16:23:19 <01386> R14: 00007fff7d207e20 R15: 00007fff7d207d70 58: 2017-09-28 16:23:19 <01386> RSI: 0000000000000000 RDI: 0000000000000002 59: 2017-09-28 16:23:19 <01386> RBP: 00000000ffffffff RSP: 00007fff7d207c60 60: 2017-09-28 16:23:19 <01386> RIP: 00007fb2965cd827 EFLAGS: 0000000000010202 61: 2017-09-28 16:23:19 <01386> CS: 0033 FS: 0000 GS: 0000 62: 2017-09-28 16:23:19 <01386> Trap: 000000000000000e Error: 0000000000000004 63: 2017-09-28 16:23:19 <01386> OldMask: 0000000000000000 64: 2017-09-28 16:23:19 <01386> CR2: 0000000000000014
++++++++++++++++++++SNIP++++++++++++++++
Is it not possible to design a feature with some sort of daemon that watches for these events? When a Def or Engine update occurs (perhaps I'm mistaken about Engine updates, I'm under the impression those are "pushed" just like AV and IPS Defs), the current one is saved in memory or on disk if available and if the daemon watching these events sees a scanunit crash, it reverts to the most recently replaced Engine or Def. Perhaps that isn't possible with an Engine update but it seems like it should be for a Def. Even if local resources precluded saving the previous version, it seems like a previous version could be downloaded from Fortinet servers.
This would greatly increase the stability of the platform IMHO.
Also I'd like to see a widget that displays the last 10 to 20 lines of the crashlog on the Dashboard. This would alert admins to the presence of an issue as not everyone is aware of how to check via the CLI.
Thanks
0 REPLIES 0
Related Posts
- Routing Issue on FortiGate 7.2.8 189 Views
- Forticlient blocks LAN connection 356 Views
- Suggestions on enhancing 'knowledge base' issues/questions... 176 Views
- Fortigate 3600C HA issue and it's... 155 Views
- Policy Routes with SD WAN -... 161 Views
Labels
-
FortiGate
6,459 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
High Availability
21 -
FortiConverter
21 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.