glebras_FTNT (Staff)
Article Id 190036
Description
This article describes the steps to apply an IPS sensor to a FortiGate interface.

Solution
Interface policies are applied before the firewall (security) policies and are flow-based only. They attach a set of IPS policies to an interface rather than to the forwarding path, so packets are handed to the IPS engine before they reach the firewall policy lookup.

An IPS sensor can be assigned to an interface policy; both incoming and outgoing packets on that interface are then inspected against the sensor's signatures.

CLI configuration

This is an example of an interface policy on port1 that applies a custom IPS sensor named "Custom.IPS.Sensor":
config firewall interface-policy
    edit 1
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set ips-sensor-status enable
        set ips-sensor "Custom.IPS.Sensor"
    next
end
For IPv6 traffic, use "config firewall interface-policy6" instead; the settings are the same.
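A common audit question is whether every interface policy in a configuration backup actually applies a sensor. The following Python script is an added example (not part of this article or of Fortinet's tooling): it parses the interface-policy section of a FortiOS config export and flags entries where ips-sensor-status is not enabled or no ips-sensor is named. The sample configuration is constructed and contains the article's port1 entry plus two deliberately incomplete entries.

```python
# Constructed sample: the port1 entry from the article plus two incomplete entries.
SAMPLE_CONFIG = """\
config firewall interface-policy
    edit 1
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set ips-sensor-status enable
        set ips-sensor "Custom.IPS.Sensor"
    next
    edit 2
        set interface "port2"
        set ips-sensor-status enable
    next
    edit 3
        set interface "port3"
        set ips-sensor "Custom.IPS.Sensor"
    next
end
"""

def parse_interface_policies(config_text, section="config firewall interface-policy"):
    """Return {policy_id: {setting: value}} per 'edit' entry in the named config section."""
    policies, current, in_section = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == section:
            in_section = True
        elif in_section and line == "end":
            break                      # section finished; ignore the rest of the file
        elif in_section and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            policies[current] = {}
        elif in_section and line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            policies[current][key] = value.strip().strip('"')
    return policies

def policies_without_ips(config_text):
    """(policy_id, interface) of entries where IPS is not enabled or no sensor is named."""
    findings = []
    for pid, settings in parse_interface_policies(config_text).items():
        if settings.get("ips-sensor-status") != "enable" or not settings.get("ips-sensor"):
            findings.append((pid, settings.get("interface", "?")))
    return findings
```

Pass section="config firewall interface-policy6" to parse_interface_policies to audit the IPv6 table in the same way.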

The following video describes the steps to create a custom IPS Signature and Sensor: https://video.fortinet.com/video/81/create-custom-ips-signatures-to-block-attacks.
