Created on 04-14-2023 06:28 AM. Edited on 08-05-2025 04:43 PM. By aquilingan.
Description | This article describes how to update the IPS signatures when two HA clusters have the same hardware and FortiOS version but different numbers of IPS signatures. One HA cluster has fewer IPS signatures than the other cluster. |
Scope | Tested in FortiGate-1000F v7.0.10, build6521. |
Solution |
The cluster with fewer IPS signatures does not have the IPS feature enabled in any of its firewall policies that have access to the Internet.
For this reason, either create a test firewall policy with Internet access and the IPS feature enabled, or enable the IPS feature in an existing firewall policy, if one has already been created.
To create a test firewall policy, go to root VDOM -> Policy & Objects -> Firewall Policy -> Create New, enter a name (for example, Test), and fill in the fields of the policy. The outgoing interface should be the last interface towards the Internet, the one that actually reaches the Internet.
Below is an example of a test firewall policy that has access to the Internet:
After the above steps, execute the commands below on the root VDOM. After 2-3 minutes, the number of signatures will increase.
config global
To check the IPS signatures, go to Security Profiles -> IPS Signatures.