FortiGate
pkumari
Staff
Article Id 333242
Description

This article describes possible reasons why the IPS definition version shows 0.0000 and explains how to resolve this issue.

 

The version is shown in the GUI under System -> FortiGuard -> License Information -> IPS Definition.

Scope

FortiGate & FortiProxy.

Solution

An IPS Definition version of 0.000 usually means the database has not been updated. When a service such as IPS or any other UTM feature is not enabled in a firewall policy, the FortiGate stops updating the database for that service to save space. As soon as the service is applied to a firewall policy, the database is updated again.

 


 

There are two ways to resolve this issue.

 

  1. By uploading the IPS engine database manually.
  2. By restarting the IPS monitor & initiating updates to FortiGuard servers.

 

Method 1: 

 

Method 2: (Easy & recommended).

  • Verify the FortiGuard connectivity by running the following commands.

 

execute ping service.fortiguard.net

execute ping update.fortiguard.net

execute ping guard.fortinet.net

 

  • Make sure FortiGate has connectivity to the FortiGuard Servers.

 

execute ping update.fortiguard.net
PING fds1.fortinet.com (208.184.237.66): 56 data bytes
64 bytes from 208.184.237.66: icmp_seq=0 ttl=49 time=159.5 ms
64 bytes from 208.184.237.66: icmp_seq=1 ttl=49 time=159.4 ms
64 bytes from 208.184.237.66: icmp_seq=2 ttl=49 time=159.3 ms
64 bytes from 208.184.237.66: icmp_seq=3 ttl=49 time=159.3 ms
64 bytes from 208.184.237.66: icmp_seq=4 ttl=49 time=159.3 ms

 

execute ping service.fortiguard.net
PING guard.fortinet.net (173.243.138.91): 56 data bytes
64 bytes from 173.243.138.91: icmp_seq=0 ttl=48 time=145.8 ms
64 bytes from 173.243.138.91: icmp_seq=1 ttl=48 time=145.8 ms
64 bytes from 173.243.138.91: icmp_seq=2 ttl=48 time=145.7 ms
64 bytes from 173.243.138.91: icmp_seq=3 ttl=48 time=145.7 ms
64 bytes from 173.243.138.91: icmp_seq=4 ttl=48 time=145.7 ms

--- guard.fortinet.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 145.7/145.7/145.8 ms

 

  • An IPS profile should be enabled in at least one outgoing firewall policy. If no policy uses an IPS profile, create a test policy and temporarily enable the default IPS profile on it.

  • Restart the IPS monitor using the following command:

diagnose test application ipsmonitor 99

 

Restarting the IPS engine will terminate all TCP sessions.

 

  • Update the IPS database from the CLI by executing the following commands:

 

diagnose debug reset
diagnose debug application update -1
diagnose debug enable
execute update-now

 

To stop the debug output, run the following command:

 

diagnose debug disable

 

  • Verify the IPS definition status by running the following CLI command; it should be updated once the FortiGuard update is successful.

diagnose autoupdate versions | grep "IPS Attack" -A 6
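
To repeat this check over saved CLI output, for example from several devices, the following added example (not part of the original article) parses `diagnose autoupdate versions` output and lists components whose version is all zeros. The sample text is constructed, and the layout it assumes (component name, dashed rule, then `Key: value` lines) should be compared against the output of your own firmware.

```python
import re

# Constructed sample, not captured from a device. Assumed layout: component
# name, dashed rule, then "Key: value" lines.
SAMPLE = """\
IPS Attack Engine
---------
Version: 7.00341
Last Update Attempt: Mon Jan  1 00:10:00 2024
Result: No Updates

Attack Definitions
---------
Version: 0.00000
Last Update Attempt: n/a
Result: No Updates
"""


def parse_versions(text):
    """Return {component: {field: value}} parsed from the CLI output."""
    components, current, prev = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"-{3,}", line) and prev:
            # A dashed rule means the previous line was a component name.
            current = components.setdefault(prev, {})
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            current[key] = value
        prev = line
    return components


def stale_components(text):
    """Names of components whose version is all zeros, e.g. 0.0000."""
    return [
        name
        for name, fields in parse_versions(text).items()
        if re.fullmatch(r"0+(\.0+)*", fields.get("Version", ""))
    ]


if __name__ == "__main__":
    for name in stale_components(SAMPLE):
        print(f"{name}: version is all zeros, database has not been updated")
```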

 

Related article:

Technical Tip: FortiGate unable to update IPS and antivirus databases