DescriptionThis article describes how to change Intrusion Protection Sensor default action in FortiOS
4.0.
Users can also user Customer Overrides to allow certain signatures
to be blocked, however, when not every potential attack
signature is known, administrators may wish to just change All
Default signatures actions, thereby greatly restricting
malicious traffic. If any
valid traffic is affected by
this, Administrators can start user custom overrides to
block what attacks may be known by name now.
SolutionIn the steps below, the predefined scan Protection Profile and associated IPS sensor All_Default are used just as an example.
1. As a first step users must ensure that the policy they are
using, and subsequent Protection Profile, has IPS Sensor
option enabled, and desired IPS sensor selected. To do this, go to
Firewall > Protection Profile, and select the
Scan profile. Select the blue arrow for
IPS to expand the options. Select the check box to enable.
2. Edit the IPS Sensor to be used by going to
UTM > Intrution Protection > IPS Sensor and edit the appropriate sensor.
3. Once this sensor is open, choose a new action. Accept signatures default settings, Pass all, Block All and Reset
are possible selections. Select
OK.
Users will see the Action listed as the
action selected that is not default.
NOTE - This procedure
should not be confused with using
Custom Override, which is a similar, but separate procedure.
Related Articles
Blocking Ultrasurf with an IPS signature
Technical Tip: How to use IPS custom override