bshimkus
New Member
September 14, 2017
Question

Add all IPS signatures...

  • September 14, 2017
  • 1 reply
  • 10465 views

I'm new to the world of Fortinet, so please bear with me...

 

On a FortiGate 60E (running 5.6.2), is there a way to add all IPS signatures at once, instead of having to go page by page and select them?

 

Or am I missing the point in that you only want to enable a small subset of them?

 

bks


    robdog
    New Member
    September 14, 2017

    If you want to enable all, you can do it this way:

    config ips sensor
        edit SENSOR_NAME    (You can modify default or create a new one.)
            config entries
                edit 1
                    set severity medium high critical
                    set status enable
                    set action block
                next
            end
        next
    end

    This will block all medium, high and critical IPS signatures.

    bshimkus (Author)
    New Member
    September 14, 2017

    Here's the output of "show ips sensor":

     

    show ips sensor
    config ips sensor
        edit "sniffer-profile"
            set comment "Monitor IPS attacks."
            config entries
                edit 1
                    set severity high critical
                next
            end
        next
        edit "default"
            set comment "Prevent critical attacks."
            config entries
                edit 1
                    set severity medium high critical
                next
            end
        next
        edit "all_default"
            set comment "All predefined signatures with default setting."
            config entries
                edit 1
                next
            end
        next
        edit "all_default_pass"
            set comment "All predefined signatures with PASS action."
            config entries
                edit 1
                    set action pass
                next
            end
        next
        edit "protect_http_server"
            set comment "Protect against HTTP server-side vulnerabilities."
            config entries
                edit 1
                    set location server
                    set protocol HTTP
                next
            end
        next
        edit "protect_email_server"
            set comment "Protect against email server-side vulnerabilities."
            config entries
                edit 1
                    set location server
                    set protocol SMTP POP3 IMAP
                next
            end
        next
        edit "protect_client"
            set comment "Protect against client-side vulnerabilities."
            config entries
                edit 1
                    set location client
                next
            end
        next
        edit "high_security"
            set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
            set block-malicious-url enable
            config entries
                edit 1
                    set severity medium high critical
                    set status enable
                    set action block
                next
                edit 2
                    set severity low
                next
            end
        next
    end

     

    I can't seem to create a new IPS sensor (but do I need to?).  Not sure if I don't have the necessary feature enabled to see the configuration in the GUI.  I do have "Intrusion Prevention" enabled (and the necessary licenses installed).

     

    bks

    bshimkus (Author)
    New Member
    September 14, 2017

    Never mind, figured it out.  On mine, there is only one sensor, named "default."

     

    Here's what I did:

     

    FGT # config ips sensor
    FGT (sensor) # edit default
    FGT (default) # config entries
    FGT (entries) # edit 1
    FGT (1) # set severity low medium high critical
    FGT (1) # set status enable
    FGT (1) # set action block
    FGT (1) # set log-packet enable
    FGT (1) # next
    FGT (1) # end
    FGT (entries) # end
    FGT (default) # end
    FGT # end

     

    bks