| Description | This article describes how to update the IPS signatures when there are two HA clusters of the same hardware and FortiOS version but with different numbers of IPS signatures. One HA cluster has fewer IP signatures compared with the other cluster. |
| Scope | Tested in FortiGate-1000F v7.0.10, build6521. |
| Solution |
The cluster with fewer IP signatures does not have the IPS feature enabled in any of its Firewall Policies which has access to the Internet.
For this reason, first should be created a test Firewall Policy which has access to the Internet and should be enabled there the IPS feature. Or it should be enabled just the IPS feature in any of the Firewall Policies which is already created if there is such type of policy created in the first place.
To create a test Firewall Policy, follow the below instructions: Go to root VDOM -> Policy & Objects -> Firewall Policy -> Create New, put the name, for example, Test, and fill in the fields of the policy. The outgoing interface should be the last interface towards the Internet and which accesses the Internet.
Below is given an example of a Test Firewall Policy which has access to the Internet:
After the above steps, on root VDOM execute the below commands and after 2-3 minutes, the signatures number will be increased.
config global
To check the IPS signatures, go to Security Profiles -> IPS Signatures.
Related articles: |
