Stelios_FTNT
Staff
November 8, 2016

Technical Tip: IPS traffic-submit

Description This article describes the IPS traffic-submit feature. FortiOS has a feature to send attack characteristics to FortiGuard in order to maintain and improve the IPS signature quality. The information is sent to the FortiGuard servers when an attack occurs and can be used to keep the database current as variants of attacks evolve.
Scope FortiGate.
Solution
This feature can be activated:
  • In the GUI: System -> Config -> FortiGuard -> 'AV&IPS Download Options' section -> 'Submit attack characteristics to FortiGuard Service Network to help improve IPS signature quality (recommended)'.
  • In the CLI:


config ips global
    set traffic-submit enable
end

 

The default value of this option is 'disable', starting from v5.4.0.

If the FortiGate is configured to send the attack characteristics to the FortiGuard servers, but cannot resolve the hostname 'fortinetipssubmit.com', then a log stating 'Can't resolve the IP address of fortinetipssubmit.com' is generated.
Two solutions exist to resolve this issue and stop receiving this log.

If the FortiGate has Internet connectivity and the attack characteristics are to be submitted to FortiGuard Service Network, verify the DNS settings by going to System > Network > DNS.

If the connectivity to FortiGuard is established, it should be possible to ping fortinetipssubmit.com:
 
exec ping fortinetipssubmit.com
PING fortinetipssubmit.com (208.91.113.110): 56 data bytes
64 bytes from 208.91.113.110: icmp_seq=0 ttl=42 time=164.8 ms

If the FortiGate does not have Internet connectivity and it is not required to submit the attack characteristics to FortiGuard Service Network, disable this feature from the GUI or CLI as explained above.
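
The following is an added example, not Fortinet code: a small offline audit that reads a saved configuration backup and log lines and reports which of the two remedies above applies. The function names, the return labels, the sample configuration and the log line layout are constructed for illustration; only the `config ips global` syntax, the v5.4.0 default and the log message text come from this article, and the firmware version is assumed to be supplied by the caller.

```python
import re

# Log text quoted in the article; the rest of SAMPLE_LOG is constructed.
DNS_FAILURE = "Can't resolve the IP address of fortinetipssubmit.com"

SAMPLE_CONFIG = """\
config system global
    set hostname "fw-lab"
end
config ips global
    set traffic-submit enable
end
"""  # constructed sample, not taken from a real device

SAMPLE_LOG = ['date=2016-11-08 msg="' + DNS_FAILURE + '"']  # constructed line


def explicit_setting(config_text):
    """Return the traffic-submit value set inside 'config ips global', or None."""
    stack = []  # config/edit blocks currently open, innermost last
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith(("config ", "edit ")):
            stack.append(line)
        elif line in ("end", "next"):
            if stack:
                stack.pop()
        elif stack and stack[-1] == "config ips global":
            m = re.match(r"set\s+traffic-submit\s+(\S+)", line)
            if m:
                return m.group(1)
    return None


def effective_setting(config_text, version):
    """Apply the article's default: 'disable' from v5.4.0 when nothing is set."""
    value = explicit_setting(config_text)
    if value is None:
        # The article gives no default for releases before v5.4.0.
        return "disable" if version >= (5, 4, 0) else "unknown"
    return value


def triage(config_text, version, log_lines):
    """Map config state plus DNS-failure logs onto the article's two remedies."""
    state = effective_setting(config_text, version)
    dns_failed = any(DNS_FAILURE in line for line in log_lines)
    if state == "enable":
        return "fix-dns-or-disable" if dns_failed else "submitting"
    return "not-submitting" if state == "disable" else "check-manually"
```

A result of `fix-dns-or-disable` means the feature is enabled while the resolution failure is being logged, so either the DNS settings need correcting or `traffic-submit` should be disabled.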