Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JohnGeorge
New Contributor

Created on ‎08-18-2017 07:01 AM

Detecting attempted intrustions

My gear: 

Fortigate 300D: 5.6.0

FortiAnalyzer 200D: 5.6.0

 

I’ve got IPS profiles on all Fortigate policies. I’ve been running Metasploit (Penetration Test software) against my Fortigate. When running it from my internal network, many IPS events are triggered, and my FortiAnalyzer manages the events. When I run metasploit from outside the network on a public IP address… nothing.

I need to know there is an attack in progress. How do I configure IPS so I can get notified? Do I need to configure something else?

2915
0 Kudos
1 REPLY 1
MikePruett
Valued Contributor

Created on ‎08-28-2017 10:19 AM

you have IPS enabled on your inbound policies (and they are configured the same as the ones that are properly alerting?) Is the policy set to log properly?

Mike Pruett

Fortinet GURU | Fortinet Training Videos

Mike Pruett Fortinet GURU | Fortinet Training Videos
1254
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.