Created on 04-14-2023 06:28 AM
Edited on 11-26-2025 11:42 PM
By Jean-Philippe_P
| Description | This article describes how to update the IPS signatures when there are two HA clusters of the same hardware and FortiOS version but with different numbers of IPS signatures. One HA cluster has fewer IPS signatures than the other cluster. |
| Scope | FortiGate. |
| Solution |
The cluster with fewer IPS signatures does not have the IPS feature enabled in any of its Firewall Policies that have access to the Internet. If the IPS feature is not in use, the IPS database will not be updated. To verify the current IPS database version on the FortiGate, check under System -> FortiGuard -> License Information -> Intrusion Prevention -> IPS Definitions.
The IPS database version can also be verified by running the CLI command below:
diagnose autoupdate versions | grep "Attack " -A 6
To update the IPS database, either create a test firewall policy with Internet access and the IPS feature enabled, or enable the IPS feature in an existing firewall policy, if one has already been created.
To create a test Firewall Policy, follow the instructions below: go to root VDOM -> Policy & Objects -> Firewall Policy -> Create New, enter a name (for example, Test), and fill in the fields of the policy. The outgoing interface should be the last interface towards the Internet, that is, the one through which the Internet is reached.
Below is an example of a Test Firewall Policy that has access to the Internet:
After the above steps, execute the commands below on the root VDOM. After 2-3 minutes, the number of IPS signatures will increase.
config global
To check the IPS signatures, go to Security Profiles -> IPS Signatures.
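A CLI equivalent of the test policy described above, as an added example that is not part of the original article. The interface names port2 and port1, the address objects and the built-in "default" IPS sensor are assumptions to replace with the values used on the cluster.

```fortios
# Added example, not from the original article.
# Enter the root VDOM (only needed when VDOMs are enabled).
config vdom
    edit root
        config firewall policy
            # "edit 0" lets FortiOS assign the next free policy ID.
            edit 0
                set name "Test"
                # Assumption: port2 is an internal interface.
                set srcintf "port2"
                # Assumption: port1 is the last interface towards the Internet.
                set dstintf "port1"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "ALL"
                # Enable security profiles on the policy and attach an IPS sensor,
                # so that the IPS feature is in use on an Internet-facing policy.
                set utm-status enable
                set ips-sensor "default"
                set nat enable
            next
        end
    next
end
```

The IPS database version can then be rechecked with the diagnose autoupdate versions command shown earlier in the article.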
Related articles: |