FortiGate Version 4.0 MR1 Administration Guide (01-410-89802-20090903)
Intrusion Protection: IPS sensors
• To add an individual signature, not included in any filters, to an IPS sensor. This is the
only way to add custom signatures to IPS sensors.
When a pre-defined signature is specified in an override, the default status and action
attributes have no effect. These settings must be explicitly set when creating the override.
To edit a pre-defined or custom override, go to UTM > Intrusion Protection > IPS Sensor
and select the Edit icon of the IPS sensor containing the override you want to edit. When
the sensor window opens, select the Edit icon of the override you want to change.
Figure 322: Configure IPS override
Note: Before an override can affect network traffic, you must add it to a filter, and you must
select the filter in a protection profile applied to a policy. An override does not have the
ability to affect network traffic until these steps are taken.
Signature: Select the browse icon to view the list of available signatures. From this list, select a signature the override will apply to and then select OK.
Enable: Select to enable the signature override.
Action: Select Pass, Block or Reset. When the override is enabled, the action determines what the FortiGate will do with traffic containing the specified signature.
Logging: Select to enable creation of a log entry if the signature is discovered in network traffic.
Packet Log: Select to save packets that trigger the override to the FortiGate hard drive for later examination.
Quarantine Attackers (to Banned Users List): Select to enable NAC quarantine for this override. For more information about NAC quarantine, see “NAC quarantine and the Banned User list” on page 678. The FortiGate unit deals with the attack according to the IPS sensor or DoS sensor configuration regardless of this setting.