Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
regards
/ Abel
Hello, I would recommend spend a couple of hours determining exactly what you need from IPS engine, doing a map of services,machines, network location etc. After that, define your own IPS specific sensors to cover your needs, log everything and re-check, let' s say, weekly. Adjust your sensors, eliminating false positives, etc Reward for all this job: - FTG' s resources saving - better logs - better signal/noise ratio to understand your particular network traffic regardsThanks for response. But for the people who dont have the time or the know-how to set up custom rules as you suggest, is there a recommendation of either of these predefined?
my 2 cents... I' ve never liked the idea of predefined IPS rule sets. You never know what the FGT will be checking or not checking until you look up the predefined rule. In the same amount of time I can create a new rule, put in all signatures for traffic I allow (which mainly is http, ssh, mail) which are marked " client" and let go. IPS is very powerful and often the only means to stop nasty intruders. I' ve never known that so many websites try to do a HTTP SQL.Injection until I put in the IPS signature for it (OK, some false positives but enough real ones left). But the price for it is that you get a bit closer to it and at least set up your own list. You may reduce the signatures at any time afterwards. Just putting in the predefined list and never look at the logs afterwards will not do the job, even if hardware is a non-issue for you. The other idea is to rely on Application Control, which more or less is a super-set of IPS wrapped around rules. Fortinet has put some experience into the AppCtrl so that you don' t have to know the low-level details of the protocol. Try it out and see how easy it is and yet very effective.thank you for detailed feedback. More to do and learn every day.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.