Hi Guys,
We are currently reviewing our security procedures and I have a general question with regards to the best practises for utilising the IPS filtering on a Fortinet box.
Is it better to define individual policies depending on the service you are protecting, or should it be applied by eg OS type, service etc., or just apply everything. Just looking for an idea of what others are doing.
We are currently defining indivdual IPS sensors depending on the service. However, I'm wondering whether this is the best way of doing this as we might overlook something ie. Applying the bruteforce filter for OWA, but forgetting about it being hosted on IIS, and thats service gets missed ... that sort of thing.
Comments welcome.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
https://forum.fortinet.com/tm.aspx?m=25637&high=ips
________________________________________________________
--- NSE 4 ---
________________________________________________________
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.