Description | This article describes the use of the IPS process in FortiGate. |
Scope | FortiGate. |
Solution |
In FortiGate, the IPS (Intrusion Prevention System) is used to detect or block attacks, exploits and known vulnerabilities with signature-based defense.
There are three main processes within the IPS:
1) The ipsmonitor process is used for:
- Starting/stopping IPS engines and acting as watchdog for the IPS processes.
- Killing ipsmonitor will restart all ipsengine processes.
# diag test app ipsmonitor 1 --> displays basic information on ipsmonitor.
2) The ipshelper process is used for:
- Configuration Management inside IPS engine.
- Monitor CMDB changes related to IPS.
- Compile IPS rule DB and generate DFA (Direct Filter Approach).
Note that ipshelper always has index 0 in the IPS process.
3) The ipsengine process is used for:
- Worker process that performs packet inspection.
- Involved in application control, Flow mode AV, Flow mode DLP and flow-based Email Filter.
- The number of engines depends on the model/hardware.
- The engines are indexed starting from 1, 2, 3, 4, etc.
Index 1 is the master IPS engine, which is responsible for:
- Updating the DB in hardware.
- Cleaning up SSL caches in Caches.
- It will most likely have higher CPU/memory usage than the other IPS engine workers.
|