Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hecklejekyll
New Contributor

How to change ips profile

Hi, I have been working on a demo project and am trying to configure IPS on my fortigate. I had to turn the feature on and I can configure a fw policy with the profiles. I am very new to firewalls and I have not placed the ips sensors on all the correct policies. I want to modify those policies but when i go into them they no longer have options to change the security stuff(av, webfiltering, ips, ect) do I have to delete the rule and recreate it every time or is there a way to edit? 

1 Solution
AEK
SuperUser
SuperUser

Hello

  • First, edit the policy and enable ssl certificate inspection
  • Click on to validate the change
  • Edit the policy again and there you can set the security profiles

Try not change the default profile. Always create your own and edit them as needed. I think is better do so.

If you are not familiar with security profiles, like IPS, App and so, just use the default profiles, they are good ones.

AEK

View solution in original post

AEK
3 REPLIES 3
AEK
SuperUser
SuperUser

Hello

  • First, edit the policy and enable ssl certificate inspection
  • Click on to validate the change
  • Edit the policy again and there you can set the security profiles

Try not change the default profile. Always create your own and edit them as needed. I think is better do so.

If you are not familiar with security profiles, like IPS, App and so, just use the default profiles, they are good ones.

AEK
AEK
hecklejekyll
New Contributor

Thanks for the quick response, I am about to go up there to try this out. Can you guide me on where to put the sensors? I know they should go on any policy going to the Webserver DMZ, I Have no policies allowing other traffic into the network except for vpn. Do my internet access policies for internal users need IPS? what about my tunnels?

AEK

I'd suggest to set IPS for the following policies in order of priority.

  • Any traffic from WAN to DMZ (for Web server you may add WAF profile as well)
  • Traffic from DMZ to internal (ideally there is no such traffic)
  • Traffic from inside to WAN
  • Traffic from VPN client to internal server
  • Traffic from internal client to internal server
  • Traffic from internal server to internal server

For the last one (internal server to internal server) we "usually" avoid UTM profiles for traffic that requires high performance, e.g.: from some App server to some DB server.

 

When starting with IPS you can use the default profile since its good one for almost all cases, then once you get familiar with configuring IPS profile (read from admin guide) you can optimize your own, e.g.: using filters like Client, Server, Severity and so ...

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors