Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FortiSpain
New Contributor

Created on ‎01-18-2026 02:09 PM

IPS Signatures

Hi,

 

We owe a Fortinet Fortigate 50G in a domestic environment. In the section "IPS Signatures", we can see more than 5864 entries. 84% is blocked but 16% shows "pass":

 

Here you have a few examples:

 

Captura de pantalla 2026-01-18 a las 23.05.50.pngCaptura de pantalla 2026-01-18 a las 23.05.41.png

 

Does this mean a risk for our installation? Would it be better to have them all marked as "Block"? If positive, how can I change the action?

 

Thank you

 

Labels:
121
0 Kudos
7 REPLIES 7
mpapisetty
Staff
Staff

Created on ‎01-18-2026 03:44 PM

Hi @FortiSpain,

Couple of things here - 

1. If you are seeing only 5864 IPS signatures, chances are that these came by default and never got updated. Hence, all the signatures would be stale and so the network is not protected. (The signature package is from 2015, more then 10 years old!)

2. The default action set by FortiGuard works fine for most cases. If there are some signatures in pass, it may mean little to no risk, or it is a new signature that will get updated soon. For instance, in the screenshot, I see "phpMyAdmin.Serversync.php.Backdoor" which is set to pass. As of today, the default action should be drop. Here is the link to the signature - https://www.fortiguard.com/encyclopedia/ips/33351 . As you can see, the signature got an update in 2017 which is not reflected in your screenshot as the IPS package you are running is very old. 

 

Unless you have a policy with IPS enabled on the firewall and with a valid support contract for UTM, you will not see any updates on the package. 

 

Hope this information helps. 

HTH
Manoj Papisetty
111
FortiSpain
New Contributor
In response to mpapisetty

Created on ‎01-19-2026 03:39 PM Edited on ‎01-19-2026 03:40 PM

Hi @mpapisetty 

 

Thank you very much for your clear reply.

 

Could you be so kind as to answer the following question, please?

 

How is it possible to have such an old IPS package when the FortiGate is new?

How can I turn all the "pass" settings to "drop/block"?

 

I guess that UTM means "Unified Threat Management". The fact is that we have hired 1 year FortiCare Premium and FortiGuard UTP (United Threat)... So, the list should be updated (at least, by the company who installed the firewall), right?

 

Thanks again

72
0 Kudos
mpapisetty
Staff
Staff
In response to FortiSpain

Created on ‎01-19-2026 04:12 PM

Hi @FortiSpain ,

Here are the answers - 

1. What you are seeing is the "default" package. The updates only happen through FortiGuard on devices with a valid contract. 

2. If you have a valid license/contract, yes. 

 

Here is a troubleshooting document that can help with the updates - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Verifying-and-troubleshooting-FortiGuard-u...

HTH
Manoj Papisetty
65
0 Kudos
FortiSpain
New Contributor
In response to mpapisetty

Created on ‎01-19-2026 04:47 PM

Thank you.

 

Where can I see the date of the last updates for each service (anti-virus definitions, anti-virus engine, IPS definitions...)?

 

Thank you

56
0 Kudos
mpapisetty
Staff
Staff
In response to FortiSpain

Created on ‎01-19-2026 06:12 PM

The article I shared earlier shows both GUI and CLI way of checking it. On the CLI, the command is "diagnose autoupdate versions". On the GUI, System -> FortiGuard.

HTH
Manoj Papisetty
42
FortiSpain
New Contributor
In response to mpapisetty

Created on ‎01-20-2026 02:34 PM

Thank you very much again.

 

In CLI, the commands do not work. I guess I made something wrong. Thanks you for letting me know what it is.


Captura de pantalla 2026-01-20 a las 22.44.31.png

 

On GUI, I have pressed the button "Update Licenses & Definitions now". IPS >> Botnet IPs and Botnet Domains have been updated... But not the IPS definitions nor Malicious URL nor IPS definitions. However, IPS engine has been updated on 27th of August 2025 (Version 7.00587). Should I feel confident?

13
0 Kudos
mpapisetty
Staff
Staff
In response to FortiSpain

Created on ‎01-20-2026 02:38 PM

On the CLI, the commands are not within the "config system fortiguard", you will need to exit and then run them. 

 

IPS Engine is different from IPS signatures. Think of it like the gun and the bullets. You got a latest gun but you ammo is still old and not effective. 

 

If you can share a screenshot or the CLI output of the versions you currently have, I can help check if you are equipped with the latest signatures. 

HTH
Manoj Papisetty
13
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.