Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortimaster
Contributor

Doubts about WAF generic profile

Hi all,

Im not familiarized with waf profiles and I'm not a web server expert. I have Fortigate 600E with 7.2.4 firmware and I would to apply a generic WAF profile to protect my web servers like I protect thems using IPS sensors. I know that the waf UTM included in Fortigate is very basic.

 

I have observed that WAF profiles have 2 sections:  Signatures and constraints. I had trought to use the default waf profile blocking all severity "High" signatures. My doubt is about the constraints. I'have observed all of them with monitor action and three of them, with blocking action, disabled (Illegal HTTP version) (Ilegal HTTP request method).

 

Why all the constraints are in monitor action? I Do you think is a good idea to use the WAF default profile blocking all "high signatures"  just to give a higher security to my web servers?

 

Thanks for your help.

 

 

4 REPLIES 4
Anthony_E
Community Manager
Community Manager

Hello fortimaster,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hi,

 

I found this document concerning WAF:

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortiweb-cloud.pdf

 

Did you already have a look into it?

 

Regards,

Anthony-Fortinet Community Team.
AronBrycen
New Contributor

The signatures section contains rules that match specific patterns or behaviors commonly associated with web application attacks. Blocking severity "High" signatures is a good starting point for enhanced security. However, it's crucial to regularly update the signature database to stay protected against emerging threats.

fortimaster
Contributor

Thanks for your help. I was very useful.

 

I have learn than if you want to log blocked signatures, you need to enable log using CLI. Now I have problems cause WAF blocks some "normal" traffic with "know exploits" signature... I will try to make some exceptions or I go to create more specific profiles.

 

Thanks for your help.

 

 

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors