Description
This article describes how to add an IPS signature to an IPS sensor in order to change the signature's default action.
If the action for the IPS signature's attack is set to 'pass', it is possible to change the action to 'block' by following the instructions below:
Solution
1) Go to Security Profiles -> Intrusion Prevention.
2) Create a new profile, or use an existing profile.
3) Select 'Create New' under 'IPS Signatures and Filters' to add a new entry to the IPS sensor that is in use for this issue.
Note:
In the IPS sensor configuration in the GUI, ensure the selected signatures are arranged in the order required, since FortiGate follows a top-down approach through the 'IPS Signatures and Filters' table to decide which action to take when there is a signature hit.
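
The same ordering expressed in the FortiOS CLI, as an added example that is not part of the original article. The sensor name "example-sensor" and the `<SIGNATURE_ID>` placeholder are assumptions; substitute the numeric ID of the signature whose default action is 'pass'. Lines starting with `#` are annotations for the reader.

```fortios
# Added example. "example-sensor" is a hypothetical sensor name and
# <SIGNATURE_ID> is a placeholder for the numeric ID of the signature
# whose default action is 'pass'.
config ips sensor
    edit "example-sensor"
        config entries
            # Entry 1: the specific signature override sits at the top of
            # the table, so a hit on this signature is matched here first
            # and the traffic is blocked.
            edit 1
                set rule <SIGNATURE_ID>
                set status enable
                set action block
            next
            # Entry 2: a broad severity filter that keeps each signature's
            # default action. If this entry were placed above entry 1 and
            # the signature fell within its severity range, the hit would
            # match here first and the default 'pass' action would apply
            # instead of the override.
            edit 2
                set severity medium high critical
                set status default
                set action default
            next
        end
    next
end

# Review the resulting entry order from top to bottom.
show ips sensor "example-sensor"
```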