FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
lestopace
Staff
Staff
Article Id 190018
Description
This article describes How to apply UTM security profiles on FortiGate interfaces.

Solution
Without UTM security profiles assigned to FortiGate interface:






In this example, IPS Sensor was used but other UTM security profiles can be bind to the firewall interface policy as well.

Solution.

FortiGate.
# config ips custom
    edit "102613"
        set signature "F-SBID( --attack_id 4976; --name \"HTTP.OPTIONS.LEMUEL\"; --service HTTP; --flow from_client; --pattern \"OPTIONS \"; --context uri; --no_case; --within 8,context; )"
        set severity critical
        set action block
        set comment ''
    next
end
# config ips sensor
    edit "IPS_Filter"
        set block-malicious-url enable
        set scan-botnet-connections block
        # config entries
            edit 1
                set rule 4976
                set status enable
                set action block
                set quarantine attacker
                set quarantine-expiry 1d
            next
        end
    next
end
# config firewall interface-policy
    edit 1
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set ips-sensor-status enable
        set ips-sensor "IPS_Filter"
    next
end
Results.




Related Articles

PSIRT Note: Undefined CVE, HTTP OPTIONS Method Enabled

Contributors