Block inside attacks

rezafathi · ‎04-19-2024

Hello

How can i block inside attacks like portscan or other attacks with fortigate inside my Lan?

Reza F.

ebilcari · ‎04-19-2024

There are two possible ways as shown also in this article:

- application control with custom signatures

- configuring a DoS policy

More general information can also be found here.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

rezafathi · ‎04-19-2024

Thanks. How can i find each application signature and use it in app control?

Reza F.

Sheikh · ‎04-19-2024

This would also help in application detection and control.

regards,

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**

AEK · ‎04-19-2024

Hi Reza

Try to configure a new IPS profile that blocks the below signature (Port.Scanning), then use it in your firewall policy.

Note that the default action for this signature is "Allow", that's why it is not blocked in the default IPS profiles.

AEK

rezafathi · ‎04-19-2024

I can not find this signature

Reza F.

AEK · ‎04-19-2024

Make sure your IPS signatures are updated.

diagnose autoupdate versions

AEK