Administration Guide

AMQP-powered subscription notifications for FortiGuard

Fortinet Inc. leverages AMQP (Advanced Message Queuing Protocol) to deliver real-time update notifications to FortiGate devices. When enabled, this allows FortiGate to receive notifications directly from FortiGuard, eliminating the need for polling or persistent HTTP connections. By leveraging Fortinet Inc.'s cloud infrastructure, AMQP enables event-driven updates, reducing resource consumption and minimizing overhead. Notifications are pushed instantly to devices, ensuring proactive management and swift response to critical updates.

The AMQP client daemon, fortimq, connects to the cloud server, fortimq-cloud, and acts as a proxy through which other FortiOS daemons receive real-time updates from Fortinet Inc.'s cloud infrastructure. When FortiGuard or an account-level or device-level contract is updated, fortimq-cloud publishes a notification to the FortiGate, which triggers the update procedure.

By default, fortimq stays idle until a feature explicitly subscribes to a topic, such as license alerts, database updates, and so on. When a subscription is created, fortimq:

  1. Connects to the cloud.

  2. Delivers updates automatically.

  3. Disconnects once all subscriptions are removed.

Note

The fortimq daemon requires the following pre-existing settings:

config system fortiguard
    set fortiguard-anycast enable
end
config system global
    set cloud-communication enable
end

CLI syntax

AMQP-powered subscription notifications for FortiGuard can be enabled and disabled in the CLI using the following command:

config system fortiguard
    set subscribe-update-notification {enable | disable}
end

This command automatically creates the following subscriptions:

  • FortiGuard License Alerts

  • Database Update Notifications

However, enabling subscribe-update-notification does not automatically disable persistent HTTP connections. If persistent-connection was manually enabled earlier, administrators should disable it after activating AMQP notifications to eliminate redundancy and reduce resource usage. Persistent HTTP connections can be disabled with the following command:

config system fortiguard
    set persistent-connection disable
end

Note

Persistent HTTP connection is disabled by default on supported devices.
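
An added example (not Fortinet code): a Python check of an exported configuration against the four settings this page names. It assumes the text comes from `show full-configuration`, so that settings left at their defaults are present; the sample configuration and the function names are constructed for illustration.

```python
# Settings this page names for fortimq, with the value it calls for.
REQUIRED = {
    ("system fortiguard", "fortiguard-anycast"): "enable",
    ("system global", "cloud-communication"): "enable",
    ("system fortiguard", "subscribe-update-notification"): "enable",
    ("system fortiguard", "persistent-connection"): "disable",
}

# Constructed sample, not taken from a real device.
SAMPLE = """\
config system global
    set hostname "fgt-lab"
    set cloud-communication enable
end
config system interface
    edit "port1"
        set mode dhcp
    next
end
config system fortiguard
    set fortiguard-anycast enable
    set persistent-connection enable
    set subscribe-update-notification enable
end
"""

def parse_config(text):
    """Return {(section, key): value} for 'set' lines directly under a top-level block."""
    settings, stack = {}, []
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] in ("config", "edit"):
            stack.append(" ".join(words[1:]))      # enter a block or a table entry
        elif words[0] in ("end", "next"):
            if stack:
                stack.pop()                        # leave it
        elif words[0] == "set" and len(words) >= 3 and len(stack) == 1:
            settings[(stack[0], words[1])] = " ".join(words[2:]).strip('"')
    return settings

def audit(text):
    """Return (section, key, expected, found) for each setting that deviates."""
    found = parse_config(text)
    return [(sec, key, want, found.get((sec, key)))
            for (sec, key), want in REQUIRED.items()
            if found.get((sec, key)) != want]

if __name__ == "__main__":
    for sec, key, want, got in audit(SAMPLE):
        print(f"config {sec}: {key} is {got!r}, expected {want!r}")
```

A setting reported with `None` was not present in the supplied text at all, which on plain `show` output usually means it is at its default.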

fortimq status can be tested using the following command:

diagnose test application fortimq <integer>

Example

The following example demonstrates enabling AMQP-powered subscription notifications and reviewing the logs.

To enable AMQP-powered subscription notifications for FortiGuard:
  1. Enable AMQP-powered subscription notifications:

    config system fortiguard
        set subscribe-update-notification enable
    end
  2. Monitor fortimq activities:

    # diagnose debug application fortimq -1

    After fortimq starts, it will remain idle:

    <672> 02 fortimq_event()-211: handle event: restart (start)
    <672> 08 fortimq_cleanup_unbound_payload_cb()-896
    <672> 04 fortimq_client_try_start_cb()-1556
    <672> 02 fortimq_event()-211: handle event: start-done (start)
    <672> 02 fsm_update_state()-200: update state: idle (start)

    It will leave the idle state when a feature explicitly subscribes to a topic:

    • Once a new contract is set in the FortiGate, fortimq will receive the following message from FortiGuard:

      <227> 08 fortimq_handle_basic_deliver()-1044: receive msg:
        delivery tag 1, channel 1 key FGD-LIC-UPDATE.TOKYO-APAC
        {"version":"1.0","type":"device_contract","geoloca
      ...
      handle_fortimq_lic_notify_packet[328]-version=1.0, type=device_contract
      handle_fortimq_lic_notify_packet[375]-contracts[0]=[{ "serial_number": "FG201E4QXXXXXXXX", "contract": [ "AVDB-1-06-20260711:0:1:1:0", "COMP-1-20-20260711:0:1:1:0", "DLDB-1-06-20260711:0:1:1:0", "ENHN-1-20-20260711:0:1:1:0", "FAIS-1-06-20260711:0:1:1:0", "FCSS-1-10-20260711:0:1:1:0", "FGSA-1-06-20260711:0:1:1:0", "FMWR-1-06-20260711:0:1:1:0", "FRVS-1-06-20260711:0:1:1:0", "FURL-1-06-20260711:0:1:1:0", "HDWR-1-05-20260711:0:1:1:0", "IOTH-1-06-20260711:0:1:1:0", "ISSS-1-06-20260406:0:1:1:0", "NIDS-1-06-20260711:0:1:1:0", "SBCL-1-06-20180716:0:1:1:0", "SPAM-1-06-20260711:0:1:1:0", "SPRT-1-20-20260711:0:1:1:0", "ZHVO-1-06-20260711:0:1:1:0" ] }]
      
      handle_fortimq_lic_notify_packet[404]-contract[0,12]=[ISSS-1-06-20260406:0:1:1:0]
    • Once a new FortiGuard database is deployed, fortimq will receive the following message from FortiGuard:

      <3087> 08 fortimq_handle_basic_deliver()-1044: receive msg:
        delivery tag 1, channel 2 key
        {"version":"1.0","type":"package","geolocation":"T
      
      handle_fortimq_obj_notify_packet[222]-version=1.0, type=package
      handle_fortimq_obj_notify_packet[252]-version_string[0]=[07006000DBDB00100-00003.01214]
  3. Review the fortimq status and bindings:

    # diagnose test application fortimq 1
    connection status: connected
        acct: 741008
        fqdn: qafortimq.fortinet.net
        port: 5671
        next-channel: 3
        msg count: 31
        attempts: 0
    
    # diagnose test application fortimq 3
    dump fortimq bindings:
        topic, queue, routing key, proc, pid, fd, cnt
        FGD-LIC_UPD 741008-FG201E4Q17901047 FGD-LIC-UPDATE.TOKYO-APAC updated 621 10 1
        FGD-DB-UPD FGD-DB-UPDATE-STREAM none updated 621 10 30
  4. Review the results of the contract subscription:

    1. Review the push update that the fortimq notification triggers for the contract:

      # diagnose debug application update -1
      has_push_notification[690]-found notifcation for object=contract, version=00003.01214
      cached_action_add[1284]-Cached action, act=00000002, add=1743727203, update=1743727203, now=1743727207, adjust=-4.
      upd_daemon[1636]-Received update notification from ForitGuard.
      
      do_update[760]-Starting push UPDATE (not final retry)
      
      update_status_obj[787]-ISDB contract expiry=Sun Apr  5 17:00:00 2026
      
      upd_install_pkg[1410]-ALCI000(alci) installed successfully
    2. Review the FortiGuard contract update result:

      # diagnose test update info 
      System contracts:
          ISDB,Sat Apr  4 2026
      ...
      SerialNumber=FG201E4QXXXXXXXX|Contract=...*ISSS-1-06-20260406:0:1:1:0*
    3. Review the event log:

      date=2025-04-03 time=17:40:27 eventtime=1743727227516567159 tz="-0700" logid="0100041000" type="event" subtype="system" level="notice" vd="root" logdesc="FortiGate update succeeded" status="update" msg="Fortigate notify update fcni=yes fsci=yes alci(0.00000) from 192.168.100.76:443"
  5. Review the results of the database subscription:

    1. Review the push update that the fortimq notification triggers for the database:

      # diagnose debug application update -1
      has_push_notification[690]-found notifcation for object=dnsbot, version=00003.01214
      
      upd_daemon[1636]-Received update notification from ForitGuard.
      
      do_update[760]-Starting push UPDATE (not final retry)
      
      upd_install_pkg[1410]-DBDB001(dnsbot) installed successfully
    2. Review the FortiGuard database update result:

      # diagnose autoupdate versions
      Botnet Domain Database
      ---------
      Version: 3.01214 signed
      Contract Expiry Date: Thu Jul  9 2026
      Last Updated using notify update on Thu Apr  3 16:09:22 2025
      Last Update Attempt: Thu Apr  3 16:09:22 2025
      Result: Updates Installed
    3. Review the event log:

      date=2025-04-03 time=16:09:22 eventtime=1743721762115544351 tz="-0700" logid="0100041000" type="event" subtype="system" level="notice" vd="root" logdesc="FortiGate update succeeded" status="update" msg="Fortigate notify update fcni=yes fsci=yes dnsbot(3.01214) alci(0.00000) from 192.168.100.76:443"
      
    4. Review the record of fortimq notifications for the FortiGuard database:

      # diagnose test update info
      Update Notification: total 4, last received at Thu Apr  3 17:41:05 2025
              last notification:
                      AVDB00201-00093.02170
                      AVDB00701-00093.02170
                      DBDB00100-00003.01214
                      FSCI00100-00000.00000
      
      Support contract: pending_registration=255 got_contract_info=1
          account_id=[xxxxx@fortinet.com] company=[Fortinet] industry=[Technology]
      
      User ID: XXXXX
      GeoLocation: TOKYO-APAC
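
To confirm from exported event logs that updates are arriving through the notification path, the event-log lines in steps 4 and 5 can be parsed as follows. This is an added example, not Fortinet code; the function names are illustrative, and reading the word before "update" in `msg` as the trigger is an assumption drawn from the two sample lines on this page.

```python
import re

# The two event-log lines shown in steps 4 and 5, copied from this page.
SAMPLE_LOG = '''
date=2025-04-03 time=17:40:27 eventtime=1743727227516567159 tz="-0700" logid="0100041000" type="event" subtype="system" level="notice" vd="root" logdesc="FortiGate update succeeded" status="update" msg="Fortigate notify update fcni=yes fsci=yes alci(0.00000) from 192.168.100.76:443"
date=2025-04-03 time=16:09:22 eventtime=1743721762115544351 tz="-0700" logid="0100041000" type="event" subtype="system" level="notice" vd="root" logdesc="FortiGate update succeeded" status="update" msg="Fortigate notify update fcni=yes fsci=yes dnsbot(3.01214) alci(0.00000) from 192.168.100.76:443"
'''

UPDATE_LOGID = "0100041000"                     # logid carried by both sample lines
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted value" or key=bare
MSG = re.compile(r'Fortigate (\w+) update (.*) from ([\d.]+):(\d+)$')
PKG = re.compile(r'(\w+)\(([\d.]+)\)')          # e.g. dnsbot(3.01214)

def parse_fields(line):
    """Split one key=value log line into a dict, keeping quoted values whole."""
    return {key: bare or quoted for key, quoted, bare in KV.findall(line)}

def update_events(log_text):
    """Return one record per 'update succeeded' event found in log_text."""
    events = []
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if fields.get("logid") != UPDATE_LOGID:
            continue
        m = MSG.search(fields.get("msg", ""))
        if not m:
            continue  # msg layout differs from the page's samples; skip it
        trigger, body, ip, port = m.groups()
        events.append({
            "when": f"{fields.get('date')} {fields.get('time')}",
            "trigger": trigger,                               # "notify" in both samples
            "flags": dict(re.findall(r'(\w+)=(\w+)', body)),  # fcni / fsci as logged
            "packages": dict(PKG.findall(body)),              # package name -> version
            "source": (ip, int(port)),
        })
    return events

def not_pushed(events):
    """Events whose trigger is something other than a notification."""
    return [e for e in events if e["trigger"] != "notify"]

if __name__ == "__main__":
    for e in update_events(SAMPLE_LOG):
        print(e["when"], e["trigger"], e["packages"], e["source"])
```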
