If the BIOS security level is set to 2, the firewall will reject the manually uploaded unsigned engine and give the following error:

Verify the BIOS security level using the 'get system status' command on the CLI:

get system status
Version: FortiGate-200F v7.4.3,build2573,240201 (GA.F)
First GA patch build date: 230509
Security Level: 2

First, change the firewall security level to 1 before upgrading the IPS Engine.

To change the security level:

1. Connect to the console port of the FortiGate.
2. Reboot the FortiGate (execute reboot) and enter the BIOS menu.
3. Press [I] to enter the System Information menu
4. Press [U] to enter the Set security level menu
5. Enter the required security level.
6. Continue to boot the device.

Refer to Enhance BIOS-level signature and file integrity checking - FortiGate documentation for more information about BIOS-level signatures and file integrity.

Note:
From version v7.0.16, v7.2.11, v7.4.6, and v7.6.1, the BIOS security level has been updated from numeric classification 0/1/2 to Low/High. For more information, refer to BIOS security Low and High level classification - FortiGate documentation.