Intrusion Protection Custom signatures
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 459
http://docs.fortinet.com/ • Feedback
Custom signatures
Custom signatures provide the power and flexibility to customize the FortiGate Intrusion
Protection system for diverse network environments. The FortiGate predefined signatures
represent common attacks. If you use an unusual or specialized application or an
uncommon platform, you can add custom signatures based on the security alerts released
by the application and platform vendors.
You can also create custom signatures to help you block P2P protocols.
After creation, you need to specify custom signatures in IPS sensors created to scan
traffic. For more information about creating IPS sensors, see “Adding an IPS sensor” on
page 462.
For more information about custom signatures, see the FortiGate Intrusion Protection
System (IPS) Guide.
Viewing the custom signature list
To view the custom signature list, go to UTM > Intrusion Protection > Custom.
Figure 292: The custom signature list
Creating custom signatures
Use custom signatures to block or allow specific traffic. For example, to block traffic
containing profanity, add custom signatures similar to the following:
set signature 'F-SBID (--protocol tcp; --flow bi_direction; --
pattern "bad words"; --no_case)'
For more information on custom signature syntax, see the FortiGate Intrusion Protection
System (IPS) Guide.
Note: If virtual domains are enabled on the FortiGate unit, the Intrusion Protection settings
are configured separately in each VDOM. All sensors and custom signatures will appear
only in the VDOM in which they were created.
Create New Select to create a new custom signature.
Name The custom signature name.
Signature The signature syntax.
Delete and Edit
icons
Delete or edit the custom signature.
Note: Custom signatures are an advanced feature. This document assumes the user has
previous experience creating intrusion detection signatures.
To Next Page
Loading...