Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ranand
Staff
Staff

Created on ‎11-26-2021 04:20 AM

Article Id 199695

Technical Tip: IPS inspection sequence

 

Description This article describes the IPS inspection sequence.
Scope  
Solution

When the IPS engine compares traffic with the signatures in each filter, order matters.

 

- The rules are similar to firewall policy matching; the engine evaluates the filters and signatures at the top of the list first, and applies the first match. The engine skips subsequent filters.

 

- So, position the most likely matching filters, or signatures, at the top of the list.

 

- Avoid making too many filters, because this increases evaluations and CPU usage.

 

- Also, avoid making very large signature groups in each filter, which increase RAM usage.

 

In the event of a false-positive outbreak, you can add the triggered signature as an individual signature and set the action to Monitor.

 

This allows to monitor the signature events using IPS logs, while investigating the false-positive issue.

 

ranand_0-1637924666758.png

 

Labels:
1599
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.