FortiGate
kltam
Staff
Article Id 232222
Description

 

This article describes the option to disable IPS intelligent-mode in FortiOS 6.4.3 and later.

 

By default, intelligent-mode is enabled and the IPS engine performs adaptive scanning to speed up the scan job and offload the traffic sooner.

IPS intelligent-mode can be disabled when it is necessary to scan traffic end to end (all bytes).

 

Scope

 

FortiGate v6.4.3, 7.0 and 7.2.

 

Solution

 

FortiOS 6.4.2 and earlier:

 

- In v6.4.2 and earlier versions, intelligent-mode (enabled by default) can be disabled in the IPS scanning settings to scan every single byte of traffic, based on the customer's requirements.

 

# config ips global
    set intelligent-mode disable
end

 

FortiOS 6.4.3 and later:

 

Starting from FortiOS 6.4.3, the IPS intelligent-mode option has been removed from the CLI, and intelligent-mode is enabled by default when the regular IPS database is in use.

It can be disabled by configuring a custom IPS signature with the parameter (--skip-after 0) when using the regular IPS database. More information on custom IPS signatures:

https://docs.fortinet.com/document/ipsengine/3.6.0/custom-ips-and-application-control-signature-synt...

 

- When using the extended IPS database, IPS intelligent-mode is disabled by default and traffic is scanned end to end. Most high-end platforms have the extended database loaded by default.

 

# config ips global
    set database extended
end
