FortiManager
awasfi_FTNT
Staff
Article Id 193938

Description

 

This article explains how to disable specific IPS signatures on a FortiGate managed by FortiManager.

This is achieved by running a CLI script on the FortiManager against the ADOM database and then installing the policy package to the FortiGate.


Solution

 

1)  Determine the entry that is to be disabled. Use the following command to find its entry ID:

# execute fmpolicy print-adom-object <ADOM> <object_ID> <profile_name>

This prints the IPS sensor (profile) as it is stored in the ADOM database. The object ID 288 used in the example below is the category ID for IPS sensors.

The entries are listed in the same order as in the FortiManager GUI: the first entry in the GUI is the first entry in the CLI output, and so on.

Example

# execute fmpolicy print-adom-object root 288 default
Dump object [default] of category [ips sensor] in adom [root]:
---------------

# config ips sensor
    edit "default"
        set comment "Prevent critical attacks."
        config entries
            edit 1                ----> Entry ID
                set rule 30316
            next
            edit 2
                set rule 29745
            next
            edit 3
                set rule 26815
            next
            edit 4
                set rule 27309
            next
            edit 5
                set rule 15186
            next
            edit 6
                set severity medium high critical
            next
        end
    next
end
 
2)  Create a CLI script with the following content and run it against the policy package or the ADOM database (replace the placeholders with the profile name and the entry ID found in step 1):

# config ips sensor
    edit <IPS profile name>
        config entries
            edit <entry ID>
                set status disable
            next
        end
    next
end
 
3)  The signature entry should be disabled in the ADOM database after the script has run; verify with the print-adom-object command from step 1.

4)  Install the policy package on the FortiGate to apply the change to the device.

 
