Hi,
I hope that you can help me with one problem.
I installed the last stable firmware version (6.0.9) on my FG, and I am currently testing/learning how to use IPS and how to write custom IPS rules. On the first day one problem emerged: a signature doesn't support enumerating ports in one IPS signature.
(Testing with syntax like F-SBID(--name xxxx; --protocol tcp; --dst_port 2121,137,22,5555;).)
Is it possible to enumerate more ports in one IPS signature (not a range, larger/smaller than)?
I would like an IPS signature with N TCP ports to trigger when packets with any of the TCP ports 2121, 137, 22, 5555 appear on the interface.
The example rule which I tried doesn't work:
F-SBID( --attack_id 9999; --name " Scanning.Closed.Ports_enumerating" --default_action quarantine; --protocol tcp; --dst_port 2121,137,22,5555;).
In the manual I found syntax for a single port, a port range, larger than, and smaller than.
Why can't we have simple enumeration like port1,port2,portx,porty, or did I miss something in the manual?
Thanks for the answer.