Fortinet Forum
Alexis_G
Contributor II

IPS filter on Policy ID with multiple protocols

Hi 

I have the following question:

Let's assume we have a firewall policy permitting Windows Active Directory traffic (which results in various TCP and UDP protocols).

If, for example, I create an IPS filter containing these protocols, when requests reach the firewall, all traffic will be inspected by the IPS filter for any protocols, OR

example: if it is DNS traffic, only DNS-related IPS signatures will scan packets?

 

Example: One IPS filter for DNS + LDAP + NTP + ICMP

If, for example, I ping an IP address, by matching the rule with this IPS filter, the packet will be inspected for all protocols above or ICMP only?

Thanks

--------------------------------------------

If all else fails, use the force !

Toshi_Esumi
Esteemed Contributor II

https://docs.fortinet.com/document/fortigate/6.2.0/parallel-path-processing-life-of-a-packet/86811/p...

As in the flow diagram, it wouldn't look for UTM profiles, and then execute inspections, until the traffic matches a policy. If the matching policy doesn't have UTM configured, the inspection based on the profile never happens.