I noticed a problem. When the updated version is the same (31.962 at the time of posting), the signatures under the v7.2.10 build1706 (Mature) version are much less than the total signatures displayed on Fortiguard, only 12,346. On the 0S6.2.16 system, it is 18,861, which is close to the total number of entries, and on another OS7.4 device, it is also close to the total number of entries. I have followed the tutorial to turn on extended signatures and set exclude-signatures to none.
Will this affect Fortigate's security features?
Update record query:Intrusion Prevention Service | FortiGuard Labs
Solved! Go to Solution.
When I was reading the documentation recently, I noticed a feature update in the FortiOS 7.2.0 release notes
FortiGate models with the CP9 SPU receive the IPS full extended database (DB), and the other physical FortiGate models receive a slim version of the extended DB. This slim-extended DB is a smaller version of the full extended DB, and it is designed for customers who prefer performance.
The CP of SOC3 is CP9 Lite, so it can only use the slim database.
Some signatures cannot be found on Os7.2, such as Adobe.Acrobat.CVE-2022-34237.Use.After.Free CVE-2022-34237.
Created on ‎03-03-2025 07:06 AM Edited on ‎03-03-2025 07:06 AM
hi,
in the example you have given, its because it's part of the extended IPS db, and it may be that you have the regular one enabled.
https://www.fortiguard.com/encyclopedia/ips/51833
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Changing-the-IPS-database/ta-p/197371
No, I have set the database to extended.
This was mentioned in my question
Hello, I compared it after the most recent update (NIDS-31.963) and found that compared with the total number of signatures of 19,026, the FGT-61E OSv7.2.10 build1706 (Mature) has 6663 fewer signatures than Fortiguard's total signatures and 6515 fewer signatures than the FGT-50E's Os 6.2.16. However, on another 60E equipped with Os7.4.6, the number of signatures is correct. I confirmed that I have opened all signature databases according to the tutorial. Is it because of the uniqueness of the 7.2 system?
When I was reading the documentation recently, I noticed a feature update in the FortiOS 7.2.0 release notes
FortiGate models with the CP9 SPU receive the IPS full extended database (DB), and the other physical FortiGate models receive a slim version of the extended DB. This slim-extended DB is a smaller version of the full extended DB, and it is designed for customers who prefer performance.
The CP of SOC3 is CP9 Lite, so it can only use the slim database.
User | Count |
---|---|
2677 | |
1412 | |
810 | |
703 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.