The exhibit shows the output of the following command:
diagnose test application ipsmonitor 1
pid = 2044, engine count = 0 (+1)
0 - pid:2074:2074 cfg:1 master:0 run:1
How to interpret this output (FortiOS 7.6 – IPS internals)
ipsmonitor displays the status of IPS engines running on the FortiGate.
engine count = 0 means:
No IPS scanning engines are currently active
IPS is not processing any traffic
In FortiOS, IPS engines are started on demand.
Critical documented behavior
IPS processes are only spawned when at least one firewall policy is configured with an IPS profile and traffic matches that policy.
If no firewall policy references an IPS profile, the IPS engine:
Does not start
Shows engine count = 0
Appears “not working,” even though the IPS profile exists
This is exactly what the diagnose output indicates.
Why option A is correct
A. There is no firewall policy configured with an IPS security profile.
Creating an IPS profile alone is not sufficient
IPS must be applied to an active firewall policy
Traffic must match that policy for the IPS engine to run
Otherwise, ipsmonitor will show engine count = 0
This matches FortiOS 7.6 IPS operational behavior.
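As an added worked example (not part of the original question and not Fortinet tooling), the following Python script parses the ipsmonitor output from the exhibit together with a "show firewall policy" dump and applies the reasoning above: engine count = 0 while no enabled policy references an ips-sensor is the "no IPS policy" case, whereas engine count = 0 with such a policy present needs further investigation (no matching traffic yet, or an engine problem). The policy dumps, policy names and verdict strings are constructed for the example; only the ipsmonitor lines are taken from the exhibit.

```python
import re
from typing import Dict, List

# Taken from the exhibit in the question.
IPSMONITOR_OUTPUT = """pid = 2044, engine count = 0 (+1)
0 - pid:2074:2074 cfg:1 master:0 run:1
"""

# Constructed "show firewall policy" dumps (hypothetical names and IDs).
# In the first, no policy references an IPS sensor. In the second, policy 2
# does, and policy 3 references one but is disabled, so it must not count.
POLICY_DUMP_NO_IPS = """config firewall policy
    edit 1
        set name "LAN-to-WAN"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
"""

POLICY_DUMP_WITH_IPS = """config firewall policy
    edit 1
        set name "LAN-to-WAN"
        set action accept
        set nat enable
    next
    edit 2
        set name "WAN-to-DMZ"
        set action accept
        set utm-status enable
        set ips-sensor "default"
    next
    edit 3
        set name "Old-rule"
        set status disable
        set action accept
        set utm-status enable
        set ips-sensor "high_security"
    next
end
"""

HEADER_RE = re.compile(r"pid\s*=\s*(\d+),\s*engine count\s*=\s*(\d+)(?:\s*\(\+(\d+)\))?")
ENGINE_RE = re.compile(r"^(\d+)\s*-\s*(.*)$")
KV_RE = re.compile(r"(\w+):(\S+)")


def parse_ipsmonitor(text: str) -> Dict:
    """Parse 'diagnose test application ipsmonitor 1' output.

    Returns the monitor pid, the engine count, the extra '(+N)' figure and
    one dict of key:value fields per engine line (pid keeps its 'a:b' form).
    """
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    m = HEADER_RE.search(lines[0])
    if not m:
        raise ValueError("unrecognised ipsmonitor header: %r" % lines[0])
    result = {
        "monitor_pid": int(m.group(1)),
        "engine_count": int(m.group(2)),
        "extra": int(m.group(3) or 0),
        "engines": [],
    }
    for line in lines[1:]:
        em = ENGINE_RE.match(line)
        if not em:
            continue
        fields = {"index": int(em.group(1))}
        fields.update(dict(KV_RE.findall(em.group(2))))
        result["engines"].append(fields)
    return result


def policies_with_ips(show_output: str) -> List[Dict]:
    """Return enabled policies that have utm-status enable and an ips-sensor set."""
    found, current = [], None
    for raw in show_output.splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            current = {"id": int(line.split()[1]), "status": "enable",
                       "utm_status": "disable", "ips_sensor": None}
        elif line == "next" and current is not None:
            if (current["status"] == "enable" and current["utm_status"] == "enable"
                    and current["ips_sensor"]):
                found.append(current)
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)          # ["set", key, value]
            if len(parts) < 3:
                continue
            key, value = parts[1], parts[2].strip('"')
            if key == "status":
                current["status"] = value
            elif key == "utm-status":
                current["utm_status"] = value
            elif key == "ips-sensor":
                current["ips_sensor"] = value
    return found


def diagnose(ipsmonitor_text: str, show_policy_text: str) -> str:
    """Correlate both outputs into a verdict (verdict names are our own)."""
    state = parse_ipsmonitor(ipsmonitor_text)
    active = policies_with_ips(show_policy_text)
    if state["engine_count"] == 0 and not active:
        return "no-ips-policy"              # the scenario in the question (option A)
    if state["engine_count"] == 0:
        return "ips-policy-but-no-engine"   # policy exists: check traffic match / engine health
    return "ok"


if __name__ == "__main__":
    print(parse_ipsmonitor(IPSMONITOR_OUTPUT))
    print(diagnose(IPSMONITOR_OUTPUT, POLICY_DUMP_NO_IPS))
    print(diagnose(IPSMONITOR_OUTPUT, POLICY_DUMP_WITH_IPS))
```

On a real unit, feed the script the captured output of "diagnose test application ipsmonitor 1" and "show firewall policy"; a disabled policy or one without utm-status enable is deliberately not counted, because only an active policy applying the sensor can bring the engines up.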
Why the other options are incorrect
B. Administrator entered the command diagnose test application ipsmonitor 5.
Incorrect.
The exhibit clearly shows ipsmonitor 1
Option 5 toggles the IPS bypass status; it does not create or remove engines, so a different argument would not explain engine count = 0
C. FortiGate entered into IPS fail open state.
Incorrect.
Fail-open is a bypass state: traffic is passed without inspection while the IPS engine cannot process it, but the engines are still configured and tracked by ipsmonitor
engine count = 0 indicates that no scanning engine was started at all, not that running engines are being bypassed
D. Administrator entered the command diagnose test application ipsmonitor 99.
Incorrect.
The numeric argument selects a test or maintenance action (option 99 restarts all IPS engines and the monitor process), not a debug level; a restart brings the engines back up rather than leaving the count at 0
Again, the exhibit shows ipsmonitor 1