The diagnostic output in the exhibit, specifically the lines IPS session count: 0 and IPS VDOM with ips-sensor: 0, provides the key information. IPS VDOM with ips-sensor: 0 indicates that zero Virtual Domains (VDOMs) have an IPS sensor (profile) applied to a firewall policy. For the IPS engine to inspect traffic and for the session count to be greater than zero, an IPS profile must be applied to a firewall policy that is actively processing traffic. The output confirms the IPS engine is running (IPS Engine state: enabled), but it is not inspecting any traffic because it has not been assigned to any policy.

B. FortiGate entered into IPS fail open state.

This is incorrect. The output explicitly states IPS fail-open: disabled, meaning the feature is not enabled and the device could not have entered this state.

C. Administrator entered the command diagnose test application ipsmonitor 5.

This is incorrect. The exhibit clearly shows the command entered was diagnose test application ipsmonitor 1, which is used to display the IPS engine status.

D. Administrator entered the command diagnose test application ipsmonitor 99.

This is incorrect. The command shown is diagnose test application ipsmonitor 1. Furthermore, the 99 option is used to stop the IPS engine, but the output shows IPS Engine: running.

1. FortiOS Administration Guide 7.6.0

"Intrusion Prevention" section

"IPS configuration overview" subsection. It states

"To apply Intrusion Prevention to network traffic

you must enable it in a firewall policy." This confirms that without application to a policy

IPS will not function. The output IPS VDOM with ips-sensor: 0 directly reflects this missing configuration step.

2. FortiGate CLI Reference 7.6.0

diagnose test application ipsmonitor command description. The documentation explains that diagnose test application ipsmonitor 1 displays the IPS engine status. The output field IPS VDOM with ips-sensor is described as the number of VDOMs with at least one IPS sensor in a firewall policy. A value of 0 confirms no policy is using an IPS sensor.

3. FortiOS Handbook - Troubleshooting 7.6.0

"Troubleshooting IPS" section. A primary troubleshooting step is to verify that the IPS profile is applied to the correct firewall policy and that traffic is matching that policy. The command diagnose test application ipsmonitor 1 is used to check the engine's status

where a session count of zero points to a policy configuration issue.