Description
This article describes how to obtain a custom IPS signature from Fortinet.
Scope
FortiGate, FortiWeb, and FortiProxy.
Solution
Fortinet Technical Support does not offer custom signatures as part of the services.
Before sending Fortinet an IPS signature request, check https://www.fortiguard.com/services/ips to confirm if an IPS signature already exists for the application.
In case the signature does not exist, it is possible to arrange an analyst from the Fortinet IPS Team to help in reviewing the syntax created.
To be assisted by an IPS Analyst, the following information will be necessary.
- A clear description of what is needed to be detected/blocked. This way the IPS team knows what the signature is needed for.
- A procedure of how to conduct a test to validate the signature.
- A verbose packet capture (sniffer) of the traffic containing the packet payload is vital.
- The current configuration file of the FortiGate.
It is possible to directly send an IPS signature to the IPS team, to do that fill the form on this https://www.fortiguard.com/faq/ips-contact. It is not possible to guarantee that the IPS team will be able to resolve every custom signature request; however, the best effort will be made.
A custom IPS signature request is handled as a P4 priority.
Related document:
Creating IPS and application control signatures
