FortiGate
FrankY1
Staff
Article Id 292064
Description This article explains the action configured in the IPS profile and the expected value in the 'action' section in IPS logs.
Scope FortiGate.
Solution

When an IPS signature is triggered, the 'Action' field in the log may show a value that differs from the name of the action configured for the signature in the IPS profile.

Refer to the following table for detailed correspondence:

| Action in Profile | Action Meaning | Action in Logs |
|---|---|---|
| default | The default action set by IPS (can be any of the actions below). | |
| allow | Allow the traffic without logging it. | |
| monitor | Allow the traffic and log it. | detected |
| block | Drop the traffic silently. | dropped |
| reset | Send TCP reset to the source. | reset |
| quarantine | Drop future packets for the next x minutes. | dropped |
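
The following is an added example, not part of the original article and not Fortinet code. It applies the table above to IPS log lines: it maps each logged action back to the profile actions that can produce it and lists the events whose traffic was let through. It assumes logs in FortiGate key=value text form with the fields `subtype`, `action`, `srcip`, `dstip` and `attack`; the sample lines, addresses and signature names are constructed.

```python
import re
from collections import Counter

# Log 'action' value -> profile actions that can produce it (from the table above).
# 'allow' never appears here because it passes traffic without writing a log entry.
LOG_TO_PROFILE = {
    "detected": ("monitor",),
    "dropped": ("block", "quarantine"),  # not distinguishable from 'action' alone
    "reset": ("reset",),
}
PASSED = {"detected"}  # the only logged value that means the traffic was allowed

# Assumption: key=value pairs separated by spaces, values optionally double-quoted.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines (documentation IP ranges, made-up signature names).
SAMPLE = [
    'date=2024-01-10 time=10:00:01 type="utm" subtype="ips" srcip=192.0.2.10 dstip=198.51.100.5 action="detected" attack="Example.Signature.A"',
    'date=2024-01-10 time=10:00:02 type="utm" subtype="ips" srcip=192.0.2.11 dstip=198.51.100.5 action="dropped" attack="Example.Signature.B"',
    'date=2024-01-10 time=10:00:03 type="utm" subtype="ips" srcip=192.0.2.12 dstip=198.51.100.6 action="reset" attack="Example.Signature.C"',
    'date=2024-01-10 time=10:00:04 type="utm" subtype="ips" srcip=192.0.2.11 dstip=198.51.100.7 action="dropped" attack="Example.Signature.B"',
    'date=2024-01-10 time=10:00:05 type="utm" subtype="webfilter" srcip=192.0.2.13 dstip=198.51.100.8 action="blocked"',
]

def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return {k: (q if q else v) for k, q, v in KV.findall(line)}

def triage(lines):
    """Count IPS log actions and collect events whose traffic was not stopped."""
    counts, passed, unknown = Counter(), [], []
    for line in lines:
        f = parse_line(line)
        if f.get("subtype") != "ips":
            continue  # ignore other UTM log types
        action = f.get("action", "")
        counts[action] += 1
        if action in PASSED:
            passed.append((f.get("srcip"), f.get("dstip"), f.get("attack")))
        elif action not in LOG_TO_PROFILE:
            unknown.append(action)  # value not covered by the table; review by hand
    return counts, passed, unknown

if __name__ == "__main__":
    counts, passed, unknown = triage(SAMPLE)
    for action, n in counts.items():
        print(f"{action}: {n} event(s), profile action: {' or '.join(LOG_TO_PROFILE.get(action, ('unknown',)))}")
    print("allowed despite signature match:", passed)
```

Events returned in `passed` correspond to signatures set to monitor, where the traffic matched a signature and was still allowed.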


References:

Configuring an IPS sensor

Technical Tip: IPS default action selection criteria
