Description
This article describes how to obtain a custom IPS signature from Fortinet.
Scope
FortiGate, FortiWeb, and FortiProxy.
Solution
Fortinet Technical Support does not offer custom signatures as part of the services.
Before sending Fortinet an IPS signature request, check IPS to confirm if an IPS signature already exists for the application.
Also, verify the current database for IPS. If regular, change it to extended and verify if an IPS signature already exists for the application.
Technical Tip: Changing the IPS database
In case the signature does not exist, it is possible to arrange an analyst from the Fortinet IPS Team to help in reviewing the syntax created.
To be assisted by an IPS Analyst, the following information will be necessary.
- A clear description of what needs to be detected/blocked. This way, the IPS team knows what signature is needed.
- A procedure of how to conduct a test to validate the signature.
- A verbose packet capture (sniffer) of the traffic containing the packet payload is vital.
- The current configuration file of the FortiGate.
It is possible to directly send an IPS signature to the IPS team. To do that, fill the form on this IPS Contact Form. It is not possible to guarantee that the IPS team will be able to resolve every custom signature request; however, the best effort will be made.
A custom IPS signature request is handled as a P4 priority.
Related document:
Creating IPS and application control signatures
