Intrusion Protection Custom signatures
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 535
http://docs.fortinet.com/ • Feedback
Custom signatures
Custom signatures provide the power and flexibility to customize the FortiGate Intrusion
Protection system for diverse network environments. The FortiGate predefined signatures
represent common attacks. If you use an unusual or specialized application or an
uncommon platform, you can add custom signatures based on the security alerts released
by the application and platform vendors.
You can also create custom signatures to help you block P2P protocols.
After creation, you need to specify custom signatures in IPS sensors created to scan
traffic. For more information about creating IPS sensors, see “Adding an IPS sensor” on
page 538.
For more information about custom signatures, see the FortiGate UTM User Guide.
Viewing the custom signature list
To view the custom signature list, go to UTM > Intrusion Protection > Custom.
Figure 315: The custom signature list
Creating custom signatures
Use custom signatures to block or allow specific traffic. For example, to block traffic
containing profanity, add custom signatures similar to the following:
set signature 'F-SBID (--protocol tcp; --flow bi_direction; --
pattern "bad words"; --no_case)'
For more information on custom signature syntax, see the FortiGate UTM User Guide.
Note: If virtual domains are enabled on the FortiGate unit, the Intrusion Protection settings
are configured separately in each VDOM. All sensors and custom signatures will appear
only in the VDOM in which they were created.
Create New Select to create a new custom signature.
Name The custom signature name.
Signature The signature syntax.
Delete and Edit
icons
Delete or edit the custom signature.
Note: Custom signatures are an advanced feature. This document assumes the user has
previous experience creating intrusion detection signatures.
Note: Custom signatures must be added to a signature override in an IPS filter to have any
effect. Creating a custom signature is a necessary step, but a custom signature does not
affect traffic simply by being created.
To Next Page
Loading...
Need help?
General
