Description
This article describes how to obtain a custom IPS signature from Fortinet.
Scope
All FortiGate, FortiWeb, FortiProxy appliances.
Solution
Fortinet Technical Support does not offer custom signatures as part of the services.
Custom signatures are very important in the network. For this particular task, it is possible to arrange for an analyst from the Fortinet IPS Team to help in reviewing the syntax created.
To be assisted by an IPS Analyst, attach this to the case:
- A clear description of what is needed to be detected/blocked. This way the IPS team knows what the signature is needed for.
- A procedure of how to conduct a test to validate the signature.
- A verbose packet capture (sniffer) of the traffic containing the packet payload is vital.
- The current configuration file of the FortiGate device.
It is not possible to guarantee that the IPS team will be able to resolve every custom signature request, however, the best effort will be done. Once the above-requested information is given, the case will be escalated to the IPS Team.
Correspond with the IPS Team via FortiCare ticketing systems, also be advised a custom IPS signature request is handled as P4 priority.
