mle2802
Staff
Article Id 349408
Description This article describes how to find missing IPS signatures from the database.
Scope FortiGate.
Solution

When searching for an IPS signature under Security Profiles -> IPS Signature, the signature cannot be found. This example uses the signature 'HTTP2.RST_STREAM.Rapid.Reset.CVE-2023-44487.DoS':

However, the signature's entry on the FortiGuard website (IPS Signature) states that the signature has been added to both the regular and extended databases.

This can happen when no IPS profile is referenced in any firewall policy and the IPS database has not been updated. To verify the current IPS database version on the FortiGate, go to System -> FortiGuard -> License Information -> Intrusion Prevention.

 


 

The following CLI command also shows the current database versions, including IPS:

 

diagnose autoupdate versions

 


 

The latest IPS database version can be verified from the FortiGuard website: Intrusion Prevention Service.

 

If the IPS database is showing an older version, enable the IPS Profile under one of the firewall policies and run the command below to update the database:

 

execute update-now

 


 

Once the IPS database reflects the latest database version, the missing IPS signature should be available.
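
One way to automate the version check described above, as an added example that is not from the original article or from Fortinet: it parses saved output of diagnose autoupdate versions and reports IPS databases older than the version published on FortiGuard. The sample output, its layout and section names, and all version numbers are constructed assumptions; adjust them to what the device actually prints.

```python
import re

# Constructed sample; layout assumed (section name, dashed rule, "Version:" line).
SAMPLE_OUTPUT = """\
Virus Definitions
---------
Version: 92.01234
Last Updated using scheduled update on Tue Oct 10 03:12:00 2023
Result: Updates Installed

Attack Definitions
---------
Version: 6.00741
Last Updated using manual update on Tue Dec  1 02:30:00 2015
Result: No Updates

Attack Extended Definitions
---------
Version: 6.00741
Last Updated using manual update on Tue Dec  1 02:30:00 2015
Result: No Updates
"""

# Assumed section names for the regular and extended IPS databases.
IPS_SECTIONS = ("Attack Definitions", "Attack Extended Definitions")


def parse_versions(text):
    """Map each section name in the output to its version string."""
    versions, previous, section = {}, "", None
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"-"}:
            section = previous  # the line above a dashed rule names the section
        elif section and (m := re.match(r"Version:\s*(\d+)\.(\d+)$", line)):
            versions.setdefault(section, f"{m.group(1)}.{m.group(2)}")
        if line:
            previous = line
    return versions


def as_tuple(version):
    """'26.00660' -> (26, 660); string comparison would rank '6.x' above '26.x'."""
    major, minor = version.split(".")
    return int(major), int(minor)


def stale_ips_databases(text, latest, sections=IPS_SECTIONS):
    """Return {section: installed version or None} for IPS databases older than latest."""
    found = parse_versions(text)
    return {name: found.get(name) for name in sections
            if name not in found or as_tuple(found[name]) < as_tuple(latest)}
```

A section reported with the value None was not present in the captured output at all.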

 


 

Related article:

Technical Tip: How to update IPS signatures at FortiGate when there are less signatures