IPS on FortiGate uses signature databases to detect known attacks.
Protocol decoders can also detect network errors and protocol anomalies.
Protocol decoders parse each packet according to the protocol specifications.
Some protocol decoders require a port number specification (configured on the CLI), but usually, the protocol is automatically detected.
If the traffic does not conform to the specification (for example, it sends malformed or invalid commands to the servers), the protocol decoder detects the error.
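To make the decoder idea concrete, the following added example (not FortiGate code and not from the original page) decodes a client session against a small subset of SMTP and reports lines that do not conform, without using any attack signature. The choice of SMTP, the function names, the anomaly labels and the sample session are all assumptions made for illustration.

```python
# Added illustration: a toy decoder for a subset of SMTP client commands.
# It is not FortiGate code; the names and checks here are assumptions.
SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET",
              "VRFY", "EXPN", "HELP", "NOOP", "QUIT"}
MAX_LINE = 512  # RFC 5321 command-line limit in octets, CRLF included


def decode_line(raw):
    """Parse one command line; return (verb, anomalies)."""
    anomalies = []
    if len(raw) > MAX_LINE:
        anomalies.append("line-too-long")
    if not raw.endswith(b"\r\n"):
        anomalies.append("missing-crlf")
    body = raw.rstrip(b"\r\n")
    if any(b < 0x20 or b > 0x7E for b in body):
        anomalies.append("non-printable-byte")
    verb = body.split(b" ", 1)[0].decode("ascii", "replace").upper()
    if verb not in SMTP_VERBS:
        anomalies.append("unknown-command")
    return verb, anomalies


def inspect_session(lines):
    """Decode a client session in order; return (line_no, anomaly) pairs."""
    findings, have_mail = [], False
    for n, raw in enumerate(lines, 1):
        verb, anomalies = decode_line(raw)
        if verb == "MAIL":
            have_mail = True
        elif verb == "RSET":
            have_mail = False
        elif verb == "RCPT" and not have_mail:
            anomalies.append("out-of-sequence")  # RCPT needs a prior MAIL
        findings.extend((n, a) for a in anomalies)
    return findings


# Constructed sample session (not captured traffic).
SAMPLE = [
    b"EHLO client.example\r\n",
    b"RCPT TO:<a@example.com>\r\n",    # sent before any MAIL command
    b"MAIL FROM:<b@example.com>\r\n",
    b"XYZZY\x00 test\r\n",             # unknown verb containing a NUL byte
    b"VRFY " + b"A" * 600 + b"\r\n",   # longer than the 512-octet limit
    b"QUIT\n",                         # bare LF instead of CRLF
]

if __name__ == "__main__":
    for line_no, anomaly in inspect_session(SAMPLE):
        print(line_no, anomaly)
```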
By default, an initial set of IPS signatures is included in each FortiGate firmware release.
FortiGuard updates the IPS signature database with new signatures. That way, IPS remains effective against new exploits.