| Description | This article describes the use of the IPS process in FortiGate. |
| Scope | FortiGate. |
| Solution |
In FortiGate, IPS (Intrusion Prevention System) are used to detect or block attacks/exploits/known vulnerabilities with signature-based defense.
There is three main processes within the IPS:
1) The ipsmonitor process is used for:
- Start/Stop IPS engines, Watchdog for IPS processes.
- Killing of ipsmonitor will restart all ipsengines.
# diag test app ipsmonitor 1 --> will display basic information on ipsmonitor.
2) The ipshelper process is used for:
- Configuration Management inside IPS engine.
- Monitor CMDB changes related to IPS.
- Compile IPS rule DB and generate DFA(Direct Filter Approach). 
See ipshelper is always as index 0 in the IPS process.
3) The ipsengine process is used for:
- Work process to do packet inspection.
- Involved in application control, Flow mode AV, Flow mode DLP and flow-based Email Filter.
- Number of the engine depends on different models/hardware. 
-It will be indexed starting from 1,2,3,4 etc.
Index 1 will be the master IPS engine which responsible:
- updating the DB in hardware.
- Clean-up SSL caches in Caches.
- Most likely will have higher CPU/Memory usage than the other IPS engine workers.
|
