mriswan
Staff
Article Id 335400
Description This article describes how to resolve a scenario where the manual upgrade of the IPS engine fails with the error 'Failed to upgrade database'.
Scope Firewall with BIOS security level set to 2.
Solution

If the BIOS security level is set to 2, the firewall rejects the manually uploaded unsigned engine with the error 'Failed to upgrade database'.

Verify the BIOS security level using the 'get system status' command on the CLI:

 

get system status
Version: FortiGate-200F v7.4.3,build2573,240201 (GA.F)
First GA patch build date: 230509
Security Level: 2


Change the firewall security level to 1 before upgrading the IPS engine.

 

To change the security level:

  1. Connect to the console port of the FortiGate.
  2. Reboot the FortiGate (execute reboot) and enter the BIOS menu.
  3. Press [I] to enter the System Information menu.
  4. Press [U] to enter the Set security level menu.
  5. Enter the required security level.
  6. Continue to boot the device.


For more information about BIOS-level signatures and file integrity, refer to the document 'Enhance BIOS-level signature and file integrity checking'.

This error can also occur if the IPS engine version is a special build provided by the developers; in this case, enable autoupdate downgrade using the command below:

 

diagnose autoupdate downgrade enable 

 

After executing the command, upload the required IPS engine file, and once the IPS upgrade has completed successfully, revert the setting to its default state by running the command:

 

diagnose autoupdate downgrade disable

 

Additional Information: In some environments, downtime for rebooting the device to lower the security level is not acceptable. In such cases, if the firewall is managed by FortiManager, the device administrator can import the required IPS engine package into FortiManager and install it directly. This allows the IPS engine to be upgraded without reducing the security level or rebooting the firewall.

 

Note:
Starting with v7.0.16, v7.2.11, v7.4.6, and v7.6.1, the BIOS security level classification changed from the numeric 0/1/2 to Low/High. For more information, refer to the document 'BIOS security Low and High level classification'.
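
The following Python script is an added example, not part of the original article or Fortinet tooling. It parses saved 'get system status' output and reports whether a manually uploaded unsigned IPS engine will be rejected, which helps when checking several devices before a maintenance window. It assumes that newer releases print Low/High in the same 'Security Level:' field and that High corresponds to the former level 2; the sample output is constructed from the excerpt above.

```python
import re

# Constructed sample, modelled on the 'get system status' excerpt in this article.
SAMPLE_STATUS = """\
Version: FortiGate-200F v7.4.3,build2573,240201 (GA.F)
First GA patch build date: 230509
Security Level: 2
"""

# First patch release per branch that uses Low/High (from the note in this article).
LOW_HIGH_FROM = {(7, 0): 16, (7, 2): 11, (7, 4): 6, (7, 6): 1}

def parse_status(text):
    """Extract model, version tuple and raw security level from CLI output."""
    ver = re.search(r"^Version:\s*(\S+)\s+v(\d+)\.(\d+)\.(\d+)", text, re.M)
    lvl = re.search(r"^Security Level:\s*(\S+)", text, re.M)
    if not ver or not lvl:
        raise ValueError("Version or Security Level line not found")
    return {"model": ver.group(1),
            "version": tuple(int(n) for n in ver.group(2, 3, 4)),
            "level": lvl.group(1)}

def uses_low_high(version):
    """True if this release is expected to report Low/High instead of 0/1/2."""
    major, minor, patch = version
    first = LOW_HIGH_FROM.get((major, minor))
    if first is None:
        # Assumption: branches newer than those named in the article use Low/High.
        return (major, minor) > (7, 6)
    return patch >= first

def rejects_unsigned_engine(status):
    """True for the strict level: 2, or High (assumed equivalent to 2)."""
    level = status["level"].lower()
    if level in ("0", "1", "2"):
        return level == "2"
    if level in ("low", "high"):
        return level == "high"
    raise ValueError(f"unrecognized security level: {status['level']!r}")

def audit(text):
    """Return (model, expected level format, strict?, recommended action)."""
    status = parse_status(text)
    strict = rejects_unsigned_engine(status)
    fmt = "Low/High" if uses_low_high(status["version"]) else "0/1/2"
    action = ("manual unsigned IPS engine upload will be rejected; lower the "
              "level in the BIOS menu or install through FortiManager"
              if strict else "manual upload is not blocked by the BIOS level")
    return status["model"], fmt, strict, action
```

Running audit() again after the maintenance window shows which devices are still operating at a lowered security level.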