Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fjulianom
New Contributor III

About Application Control and IPS licenses

Hi guys,

 

I have a customer's FortiGate without UTM licenses such as AntiVirus or Web Filtering. I have read that Application Control is a free service from release 5.6.1 on.

 

Application Control is now a free FortiGuard service and the database for Application Control signatures is separate from the IPS database

 

http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-whats-new/Top-SecurityProfiles-app-co...

 

I can see that the FortiGate has the Application Control Signatures correctly updated, but the IPS licenses are expired since customer didn't purchase these type of licenses, and Application Control uses the IPS engine. Then, what is the impact of these mismatches? Will the FortiGate perform Application Control correctly?

 

 

Regards,

Julián

2 Solutions
hmtay_FTNT

Hi Julian,

 

Yes, your Application Control will function normally. The IPS Definition is relatively updated 2-3 days ago. That's the right version.

 

Homing

View solution in original post

hmtay_FTNT

Sorry, I means Application Control signatures. (in the past, Application Control signatures were in IPS Definitions. Wrong term now.)

 

IPS Definitions contain the signature, IPS Engine is the engine that does the IPS controls.

View solution in original post

8 REPLIES 8
fjulianom
New Contributor III

Hi guys,

 

Any tip?

 

Regards,

Julián

hmtay_FTNT

Hi Julian,

 

Yes, your Application Control will function normally. The IPS Definition is relatively updated 2-3 days ago. That's the right version.

 

Homing

fjulianom
New Contributor III

Hi Homing,

 

Please, two more questions about this:

 

1. Why was the IPS Definition updated if the FortiGate has no IPS license?

2. What's the difference between IPS Definitions and IPS Engine?

 

Regards,

Julián

hmtay_FTNT

Sorry, I means Application Control signatures. (in the past, Application Control signatures were in IPS Definitions. Wrong term now.)

 

IPS Definitions contain the signature, IPS Engine is the engine that does the IPS controls.

fjulianom
New Contributor III

Hi Homing,

 

Ah ok, then IPS signatures and IPS Definitions are the same thing? And the term IPS Definitions shouldn't be use nowadays?

 

Regards,

Julián

hmtay_FTNT

Hey Julian,

 

IPS Definitions means just IPS signatures now instead of both IPS and Application Control.

 

Homing

fjulianom
New Contributor III

Hi Homing,

 

Ok, it is clear now. I noticed that my IPS Engine is not the last version (I have version 3.00426 and last version is 3.00430 I think). Because Application Control uses IPS Engine and my engine is not updated to last version, does it have any impact in Application Control? Can the IPS Engine be updated automatically via FortiGuard or should it be updated manually? Thank you very much.

 

Regards,

Julián

ede_pfau
Esteemed Contributor III

The IPS engine is updated automatically via the FortiGuard service. It can take some time for revisions.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors