Why are there so many fewer IPS signatures on FortiGate OS 7.2.10 than the total number on FortiGuard?
I noticed a problem. When the update version is the same (31.962 at the time of posting), the number of signatures under the v7.2.10 build1706 (Mature) version is much lower than the total number of signatures displayed on FortiGuard, only 12,346. On the OS 6.2.16 system, it is 18,861, which is close to the total number of entries, and on another OS 7.4 device, it is also close to the total number of entries. I have followed the tutorial to turn on extended signatures and set exclude-signatures to none.
Will this affect Fortigate's security features?
Update record query: Intrusion Prevention Service | FortiGuard Labs
When I was reading the documentation recently, I noticed a feature update in the FortiOS 7.2.0 release notes:
FortiGate models with the CP9 SPU receive the IPS full extended database (DB), and the other physical FortiGate models receive a slim version of the extended DB. This slim-extended DB is a smaller version of the full extended DB, and it is designed for customers who prefer performance.
The CP of SOC3 is CP9 Lite, so it can only use the slim database.
Some signatures cannot be found on Os7.2, such as Adobe.Acrobat.CVE-2022-34237.Use.After.Free CVE-2022-34237.
Created on ‎03-03-2025 07:06 AM Edited on ‎03-03-2025 07:06 AM
Hi,
In the example you have given, it's because it's part of the extended IPS DB, and it may be that you have the regular one enabled.
https://www.fortiguard.com/encyclopedia/ips/51833
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Changing-the-IPS-database/ta-p/197371
No, I have set the database to extended.
This was mentioned in my question.
Hello, I compared it after the most recent update (NIDS-31.963) and found that, compared with the total number of signatures of 19,026, the FGT-61E OS v7.2.10 build1706 (Mature) has 6663 fewer signatures than FortiGuard's total signatures and 6515 fewer signatures than the FGT-50E's OS 6.2.16. However, on another 60E equipped with OS 7.4.6, the number of signatures is correct. I confirmed that I have opened all signature databases according to the tutorial. Is it because of the uniqueness of the 7.2 system?
