fortimaster
Contributor II

Doubts about WAF generic profile

Hi all,

I'm not familiar with WAF profiles and I'm not a web server expert. I have a FortiGate 600E with 7.2.4 firmware and I would like to apply a generic WAF profile to protect my web servers, like I protect them using IPS sensors. I know that the WAF UTM included in FortiGate is very basic.

I have observed that WAF profiles have 2 sections: signatures and constraints. I had thought to use the default WAF profile, blocking all severity "High" signatures. My doubt is about the constraints. I have observed all of them with monitor action, and three of them, with blocking action, disabled (Illegal HTTP version) (Illegal HTTP request method).

Why are all the constraints in monitor action? Do you think it is a good idea to use the default WAF profile blocking all "high signatures" just to give higher security to my web servers?

Thanks for your help.

Anthony_E
Community Manager

Hello fortimaster,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hi,

 

I found this document concerning WAF:

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortiweb-cloud.pdf

 

Did you already have a look into it?

 

Regards,

Anthony-Fortinet Community Team.
AronBrycen
New Contributor

The signatures section contains rules that match specific patterns or behaviors commonly associated with web application attacks. Blocking severity "High" signatures is a good starting point for enhanced security. However, it's crucial to regularly update the signature database to stay protected against emerging threats.

fortimaster
Contributor II

Thanks for your help. It was very useful.

I have learned that if you want to log blocked signatures, you need to enable logging using the CLI. Now I have problems because the WAF blocks some "normal" traffic with the "known exploits" signature... I will try to make some exceptions, or I will create more specific profiles.

Thanks for your help.
