Description
This article explains how to manually upgrade the IPS Engine on a FortiGate.
Scope
FortiGate.
Solution
The IPS Engine can be upgraded manually as follows:
Log in to the Support Portal (support.fortinet.com) and then go to Support > Download > Service Updates.
Then select FortiGate under product and current Firmware version under OS version and then download the Attack definition .pkg file.
In FortiOS below v7.6.2:
Log in to the GUI and go to System -> FortiGuard -> IPS & Application Control. Select 'Upgrade Database', browse the new IPS Engine package, and select 'apply'.
In FortiOS v7.6.2 and above :
Log in to the GUI and go to System -> FortiGuard ->FortiGuard Security Services>Click on the upload icon and upload the package
After upgrading the IPS Engine, restart it by using the following CLI command:
diagnose test application ipsmonitor 99
Note:
Performing the activity of upgrading the IPS engine will terminate all TCP sessions.
From both the GUI and CLI, it is possible to check IPS Engine version before and after an upgrade.
CLI:
CLI:
diagnose autoupdate versions | grep "IPS Attack" -A 6
Note:
If, when opening FortiGuard, there is no license information about Intrusion Prevention (IPS Engine version, IPS License, etc), enable Intrusion Prevention on System -> Feature Visibility -> Intrusion Prevention.
After this, go back to FortiGuard, and all IPS-related information should be available.
Note:
If the device has an evaluation license or no valid license, updating the database is not allowed.
Related articles:
Technical Tip: How to manually upgrade the IPS Engine
Related articles:
Technical Tip: How to manually upgrade the IPS Engine
