FortiGate
glebras_FTNT (Staff)
Article Id 190036

Description

This article describes the steps to apply an IPS sensor to a FortiGate interface.

Scope

FortiGate.

Solution

Interface policies are applied before the 'security' policies and are flow-based only. This feature attaches a set of IPS policies to the interface rather than to the forwarding path, so packets are delivered to IPS before entering the firewall.

IPS sensors can be assigned to an interface policy. Both incoming and outgoing packets on that interface are inspected by the IPS sensor (signatures).

CLI Configuration:

This is an example of an interface policy on port1 with a custom IPS sensor named 'Custom.IPS.Sensor':

config firewall interface-policy
    edit 1
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set ips-sensor-status enable
        set ips-sensor "Custom.IPS.Sensor"
    next
end
 
For IPv6 addresses, interface-policy6 should be used instead.

Note: Enabling the interface policy will disable traffic offload on that interface.
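As an added example that is not part of the Fortinet article, the following Python audit parses the interface-policy and interface-policy6 blocks from a FortiOS configuration export and reports which entries actually attach an IPS sensor (ips-sensor-status enable without an ips-sensor value applies none). The config excerpt it parses is constructed, and the parser only understands the config/edit/set/next/end structure shown above.

```python
import re

# Constructed sample FortiOS config excerpt (not a real device export).
SAMPLE_CONFIG = """\
config firewall interface-policy
    edit 1
        set interface "port1"
        set ips-sensor-status enable
        set ips-sensor "Custom.IPS.Sensor"
    next
end
config firewall interface-policy6
    edit 1
        set interface "port1"
        set ips-sensor-status enable
    next
end
"""
SET_RE = re.compile(r"^set\s+(\S+)\s+(.*)$")

def parse_interface_policies(text):
    """Return one dict per 'edit' entry under interface-policy / interface-policy6."""
    policies, table, entry = [], None, None
    for raw in text.splitlines():
        s = raw.strip()
        if s.startswith("config firewall interface-policy"):
            table = s.split()[-1]  # 'interface-policy' or 'interface-policy6'
        elif table and s.startswith("edit "):
            entry = {"table": table, "id": s.split()[1]}
        elif entry and (m := SET_RE.match(s)):
            entry[m.group(1)] = m.group(2).strip().strip('"')
        elif s == "next" and entry:
            policies.append(entry)
            entry = None
        elif s == "end":
            table = None
    return policies

def audit(text):
    """Map each policy to its IPS sensor name; None means no sensor is applied."""
    result = {}
    for p in parse_interface_policies(text):
        key = f"{p['table']}/{p['id']}/{p.get('interface', '?')}"
        enabled = p.get("ips-sensor-status") == "enable"
        # 'enable' with no 'ips-sensor' value, or status left disabled, applies no sensor
        result[key] = p.get("ips-sensor") if enabled and p.get("ips-sensor") else None
    return result
```

Run `audit(open("fortigate.conf").read())` against a `show full-configuration` export to list every interface whose pre-forwarding IPS inspection is incomplete.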

This video describes the steps to create a custom IPS Signature and Sensor.