Application Control, Device & OS Identification, and Internet Service Database Definitions continue to work, but the databases are not updated and no new signatures are added.

For example, if application control is used in a firewall policy that has an internet service applied to the source or destination addresses, then the policy will continue to inspect matching traffic using the FortiGate's existing application control signatures and ISDB definitions.

Application control, device and OS detection, and internet service database are included in the base services that are included with all FortiCare support contracts See FortiGuard Security Services for details.

IPS scanning continues to work, but the IPS databases are not updated and no new signatures are added.

For example, if an IPS sensor with Block malicious URLs enabled is used in a firewall policy, then the policy will continue to inspect matching traffic using the FortiGate's existing IPS signatures and malicious URLs database.

An active IPS license is critical for stopping sophisticated and zero-day attacks, as FortiGuard IPS provides near‑real‑time intelligence with thousands of intrusion prevention rules to detect and block known and zero-day threats.

For more information, see Intrusion prevention.

IPS sensors and DNS Filter profiles with Botnet C&C configured continue to work, but the Botnet IPs and Botnet Domain databases are not updated and no new signatures are added.

While Botnet IPs and Domain are listed in the Intrusion Prevention category, they are actually part of the Firmware & General Updates contract.

For more information, see Botnet C&C domain blocking and IPS with botnet C&C IP blocking.

Antivirus scanning continues to work, but the antivirus database is not updated and no new signatures are added.

For more information, see Antivirus.

Category-based Web and DNS filtering stops working, as URLs and domains are sent to FortiGuard in real-time to determine the category.

By default, all web and DNS traffic is dropped. If allowing website or DNS requests when a rating error occurs is enabled, then all web and DNS traffic passes through without filtering.

If static URL or domain filtering is applied in a filter profile, those filters continue to work.

Configurations where only specific URLs and domains are allowed and all others are blocked continue to work, but this is not a scalable solution blocking websites or performing category filtering.

For more information, see FortiGuard filter and FortiGuard category-based DNS domain filtering.

Spam filtering stops working, as it queries the FortiGuard spam filtering server in real-time to check spammer IP addresses and emails (except those that are locally configured), phishing URLs, spam URLs, spam email checksums, and spam submissions. Anti-spam signatures are not updated.

Profile options based on local spam filtering continue to work.

For more information, see Email filter.

Outbreak prevention stops working, as it uses real-time lookups to the FortiGuard Global Threat Intelligence database.

For more information, see FortiGuard outbreak prevention.

The security rating check stops working.

Security Rating licenses are required to run security rating checks across all of the devices in the Security Fabric. They allow rating scores to be submitted to and received from FortiGuard for network ranking. Without security rating checks, critical vulnerabilities and configuration weaknesses in the Security Fabric cannot be identified, and best practice recommendations cannot be implemented.

For more information, see Security rating.