Description | This article describe as how does the IPS engine determine if a packet contains an attack or anomaly. |
Scope | |
Solution |
IPS on FortiGate uses signature databases to detect known attacks.
Protocol decoders can also detect network errors and protocol anomalies.
Protocol decoders parse each packet according to the protocol specifications.
Some protocol decoders require a port number specification (configured on the CLI), but usually, the protocol is automatically detected.
If the traffic does not conform to the specification.
- If, for example, it sends malformed or invalid commands to the servers. - Then the protocol decoder detects the error.
By default, an initial set of IPS signatures is included in each FortiGate firmware release.
FortiGuard updates the IPS signature database with new signatures. That way, IPS remains effective against new exploits. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.