FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 199692
Description This article describe as how does the IPS engine determine if a packet contains an attack or anomaly.

IPS on FortiGate uses signature databases to detect known attacks.


Protocol decoders can also detect network errors and protocol anomalies.


Protocol decoders parse each packet according to the protocol specifications.


Some protocol decoders require a port number specification (configured on the CLI), but usually, the protocol is automatically detected.


If the traffic does not conform to the specification.


- If, for example, it sends malformed or invalid commands to the servers.

- Then the protocol decoder detects the error.


By default, an initial set of IPS signatures is included in each FortiGate firmware release.


FortiGuard updates the IPS signature database with new signatures. That way, IPS remains effective against new exploits.