Question
Detecting attempted intrustions
My gear:
Fortigate 300D: 5.6.0
FortiAnalyzer 200D: 5.6.0
I’ve got IPS profiles on all Fortigate policies. I’ve been running Metasploit (Penetration Test software) against my Fortigate. When running it from my internal network, many IPS events are triggered, and my FortiAnalyzer manages the events. When I run metasploit from outside the network on a public IP address… nothing.
I need to know there is an attack in progress. How do I configure IPS so I can get notified? Do I need to configure something else?