Description
This article describes the steps to apply an IPS sensor to a FortiGate interface.
Solution
Interface policies are evaluated before the regular security policies and are flow-based only. They attach a set of IPS policies to an interface rather than to the forwarding path, so packets are handed to the IPS engine before they enter firewall policy processing.
An IPS sensor can be assigned to an interface policy; both incoming and outgoing packets on that interface are then inspected against the sensor's signatures.
CLI configuration
The following is an example of an interface policy on port1 with a custom IPS sensor named "Custom.IPS.Sensor":
config firewall interface-policy
    edit 1
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set ips-sensor-status enable
        set ips-sensor "Custom.IPS.Sensor"
    next
end
For IPv6 traffic, use interface-policy6 (config firewall interface-policy6) instead.
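A quick way to confirm that every interface policy in a saved configuration really hands traffic to IPS is to parse the CLI text and flag entries where ips-sensor-status is not enabled or no sensor is named. The Python below is an added example, not Fortinet code; the config block it parses is constructed for illustration and covers both the interface-policy and interface-policy6 tables.

```python
# Added example (not Fortinet code): audit FortiOS interface-policy entries whose IPS
# settings would not actually inspect traffic, parsed from saved CLI config text.
def parse_config(text):   # -> {table: {entry_id: {key: value}}}, single-value 'set' lines
    tables, stack, table = {}, [], None   # stack: (table, entry_id) per open 'edit'
    for raw in text.splitlines():
        line = raw.strip()
        parts = line.split(None, 2)
        if line.startswith('config '):
            table = line[7:].strip()
            tables.setdefault(table, {})
        elif line.startswith('edit '):
            entry_id = line[5:].strip().strip('"')
            stack.append((table, entry_id))
            tables[table].setdefault(entry_id, {})
        elif line == 'next':
            stack.pop()
        elif line == 'end':                  # return to the enclosing table, if any
            table = stack[-1][0] if stack else None
        elif len(parts) == 3 and parts[0] == 'set' and stack:
            t, entry_id = stack[-1]
            tables[t][entry_id][parts[1]] = parts[2].strip().strip('"')
    return tables
def audit_interface_policies(text):   # -> [(table, entry_id, problem)] for policies that skip IPS
    findings, tables = [], parse_config(text)
    for table in ('firewall interface-policy', 'firewall interface-policy6'):
        for entry_id, f in tables.get(table, {}).items():
            if f.get('ips-sensor-status') != 'enable':
                findings.append((table, entry_id, 'ips-sensor-status not enabled'))
            elif not f.get('ips-sensor'):
                findings.append((table, entry_id, 'ips-sensor-status enabled but no sensor'))
    return findings
# Constructed sample: entry 1 mirrors the article; entry 2 and the IPv6 entry are misconfigured.
SAMPLE_CONFIG = """\
config firewall interface-policy
    edit 1
        set interface "port1"
        set ips-sensor-status enable
        set ips-sensor "Custom.IPS.Sensor"
    next
    edit 2
        set interface "port2"
    next
end
config firewall interface-policy6
    edit 1
        set interface "port1"
        set ips-sensor-status enable
    next
end
"""
```

Run audit_interface_policies on the output of `show firewall interface-policy` and `show firewall interface-policy6` to review a live unit's settings.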
The following video describes the steps to create a custom IPS Signature and Sensor: https://video.fortinet.com/video/81/create-custom-ips-signatures-to-block-attacks.