This article describes how to apply and validate an application custom signature in FortiGate.
|Scope||Granular control can be achieved by blocking, monitoring, accepting, or quarantining packets that match the signature.|
Custom application signatures help to recognize particular sorts of packets as they pass through the FortiGate,
and this custom signature may be applied to an application control sensor once built.
It is possible to configure the sensor to block, monitor, allow, or quarantine packets that match the signature.
After that, the sensor can be added to a firewall policy.
When a packet with the custom signature is recognized by the firewall policy,
the FortiGate does the action defined with the packet.
Use the following CLI commands to add the custom signatures.
View Customer Signature Using the GUI:
If the custom signature is not recognized by the firewall policy after applying it, gather the output of the following commands and create a support ticket.
# diagnose ips filter set "host x.x.x.x" <----- Replace x.x.x.x with the IP address of the client unit.
Once enough traffic is captured, enter the following CLI commands to stop the debug log capture:
# diagnose debug disable