vsharma
Staff
March 30, 2026

Troubleshooting Tip: FMWP signatures not available for virtual patching

Description: This article describes why Firmware Virtual Patch (FMWP) signatures may not be visible or enabled on a FortiGate device and clarifies the expected behavior of virtual patching.

Scope: FortiOS.

Solution:

How virtual patching works:

  1. A new vulnerability is discovered (e.g., in the GUI or SSH).
  2. FortiGuard releases a corresponding FMWP signature.
  3. FortiGate automatically downloads the update.
  4. The IPS engine starts detecting/blocking exploit attempts.
  5. The device is effectively 'virtually patched', even without a firmware upgrade.

 

In the output below, no FMWP signatures are listed or enabled:

 

diagnose ips vpatch fmwp-status
    List of FMWP signatures from API server:

    Enabled FMWP signatures: 0

 

The command above shows vulnerabilities applicable to the current FortiOS version. FMWP signatures are only enabled when the FortiGate is vulnerable to a known issue. 

If the device is not affected by any known vulnerabilities, no FMWP signatures will be pushed or enabled. This is expected behavior, not an issue. For example, the above output is from FortiOS 7.4.11, which is currently not impacted by any vulnerabilities.

 

To manually enable all FMWP signatures for testing purposes:

 

diagnose ips vpatch fmwp-enable-all
 

This is intended only for testing/verification. It forces activation of signatures regardless of vulnerability status.

 

Note: 

  • The IPS daemon communicates with the API server every few minutes to make sure that the list of enabled signatures is always up to date.
  • The list is updated by the regular execute update-now command.
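
The following is an added example, not part of the original article or Fortinet tooling: a small Python triage of saved "diagnose ips vpatch fmwp-status" captures that applies the interpretation above (0 enabled is expected on unaffected firmware; a non-zero count means signatures are active). The host names and sample captures are constructed, and only the "Enabled FMWP signatures:" summary line shown in the article is parsed.

```python
import re

# Summary line exactly as it appears in the article's sample output.
ENABLED_RE = re.compile(r"^\s*Enabled FMWP signatures:\s*(\d+)\s*$", re.MULTILINE)


def enabled_fmwp_count(cli_output):
    """Return the enabled-signature count, or None if the summary line is absent."""
    match = ENABLED_RE.search(cli_output)
    return int(match.group(1)) if match else None


def classify(cli_output):
    """Map one capture to a triage state based on the article's explanation."""
    count = enabled_fmwp_count(cli_output)
    if count is None:
        # Empty or truncated capture: the command did not complete, so re-collect.
        return "unknown"
    if count == 0:
        # Expected when the running FortiOS version has no applicable known issue.
        return "not-affected"
    # Signatures are active: either the firmware is affected by a known issue,
    # or someone ran fmwp-enable-all for testing. Confirm which before acting.
    return "virtually-patched"


def triage(captures):
    """captures: dict of host name -> saved CLI output text."""
    return {host: classify(text) for host, text in captures.items()}


# Constructed sample captures (hypothetical hosts, not real device output).
SAMPLES = {
    "fgt-branch-01": (
        "diagnose ips vpatch fmwp-status\r\n"
        "    List of FMWP signatures from API server:\r\n"
        "\r\n"
        "    Enabled FMWP signatures: 0\r\n"
    ),
    "fgt-branch-02": (
        "diagnose ips vpatch fmwp-status\n"
        "    List of FMWP signatures from API server:\n"
        "    Enabled FMWP signatures: 2\n"
    ),
    "fgt-branch-03": "",  # capture failed or session dropped
}

if __name__ == "__main__":
    for host, state in sorted(triage(SAMPLES).items()):
        print(f"{host}: {state}")
```
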