View all questions & answers for the NSE 5 - FortiManager 7.6 Administrator Exam Materials exam


Question 8 Discussion

Refer to the exhibits. FortiGate HQ-NGFW-1 downloads and validates FortiGuard databases from FortiManager, which acts as a local FortiGuard Distribution Server (FDS) in a closed network. An administrator pushes a new firewall policy with an intrusion prevention system (IPS) profile from FortiManager to FortiGate HQ-NGFW-1. However, FortiGate does not recognize the new IPS signature from FortiManager. What is the most likely reason why FortiGate HQ-NGFW-1 does not recognize the new IPS signature? (Choose one answer)

  • A. FortiGate must enable rating for the FortiManager IP address, 192.168.1.120, in server list 1.
  • B. FortiManager and FortiGate have different IPS database versions.
  • C. The administrator must enable IPv6 connections for FortiGuard services on FortiManager.
  • D. The administrator must enable the fortiguard-anycast option to correctly download all signatures from the local FDS.

Correct Answer: B

Brave-Dump Clients Votes

B 100%

Comments



Omar Ahmed 2025-10-08 12:26:57

Selected Answers: B


In a closed network setup, FortiManager acts as a local FortiGuard Distribution Server (FDS) to distribute IPS (and other security) updates to connected FortiGate devices.

If FortiManager has a newer IPS database version than the FortiGate (HQ-NGFW-1), and the FortiGate hasn't yet downloaded or synced that update, it won’t recognize new IPS signatures included in profiles pushed from FortiManager. As a result, the IPS profile will reference unknown or missing signatures, and FortiGate will not apply them correctly.