machiasiaweb
New Member
August 29, 2017
Question

Policy with services allow + IPS

Hello,

I have set up a policy which allows only a few specified services to pass. Plus I edited IPS and SSL/SSH inspection as well. After that, nothing related to IPS is logged.

However, when the policy is changed to allow ALL services + IPS and SSL/SSH inspection, IPS functions.

Can anyone explain this?

My FortiGate firewall is running OS 5.6.2.

Thanks!

1 reply

saneeshpv_FTNT
Staff
August 29, 2017

Hi,

Good day!

I would like to know what kind of services you allowed in the policy in the first place, and how you confirmed that IPS is functioning after enabling service "ALL" in the firewall policy. Did you notice any IPS logs, when you moved the service to "ALL", for those specific services which you had enabled earlier in the policy?

IPS uses predefined attack signatures and behavior-based heuristics to identify a potential threat that is occurring or going to occur. In your case, there is a chance that the services which you have allowed in the policy do not match any IPS signatures.

Please provide more details.

Regards

Saneesh

machiasiaweb
New Member
August 30, 2017

Hello,

I have set up 2 policies, in this order:

Policy 1: Allow services like RDP, SSH, MSSQL, MYSQL, HTTP & HTTPS etc., with default IPS rules enabled

Policy 2: Allow all services, without IPS enabled

There are no IPS logs, which there supposedly should be, because I tested by disabling Policy 1 and enabling IPS on Policy 2.

There is something strange: after re-editing many times, it now functions with Policy 1 & 2 enabled as in the config above. I still don't know why, but it looks like it is functioning now.