FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable
Article Id 194530

Description

 

This article describes how to obtain a custom IPS signature from Fortinet.


Scope

 

All FortiGate, FortiWeb, and FortiProxy appliances.

Solution

 

Fortinet Technical Support does not offer custom signatures as part of the services.

Before sending Fortinet an IPS signature request the link can be checked to confirm if an IPS signature already exists for the application.

In case the signature does not exist it is possible to arrange an analyst from the Fortinet IPS Team to help in reviewing the syntax created.

 

To be assisted by an IPS Analyst, the following information will be necessary.

  • A clear description of what is needed to be detected/blocked. This way the IPS team knows what the signature is needed for.
  • A procedure of how to conduct a test to validate the signature.
  • A verbose packet capture (sniffer) of the traffic containing the packet payload is vital.
  • The current configuration file of the FortiGate device.

 

It is possible to directly send an IPS signature to the IPS team, to do that fill the form on this link. It is not possible to guarantee that the IPS team will be able to resolve every custom signature request, however, the best effort will be done. Be advised a custom IPS signature request is handled as a P4 priority.