How to change IPS profile
Hi, I have been working on a demo project and am trying to configure IPS on my FortiGate. I had to turn the feature on, and I can configure a fw policy with the profiles. I am very new to firewalls and I have not placed the IPS sensors on all the correct policies. I want to modify those policies, but when I go into them they no longer have options to change the security stuff (AV, web filtering, IPS, etc.). Do I have to delete the rule and recreate it every time, or is there a way to edit?
Hello
- First, edit the policy and enable SSL certificate inspection
- Click on to validate the change
- Edit the policy again and there you can set the security profiles
Try not to change the default profile. Always create your own and edit them as needed. I think it is better to do so.
If you are not familiar with security profiles, like IPS, App and so on, just use the default profiles; they are good ones.
Thanks for the quick response, I am about to go up there to try this out. Can you guide me on where to put the sensors? I know they should go on any policy going to the web server DMZ. I have no policies allowing other traffic into the network except for VPN. Do my internet access policies for internal users need IPS? What about my tunnels?
I'd suggest setting IPS for the following policies, in order of priority.
- Any traffic from WAN to DMZ (for Web server you may add WAF profile as well)
- Traffic from DMZ to internal (ideally there is no such traffic)
- Traffic from inside to WAN
- Traffic from VPN client to internal server
- Traffic from internal client to internal server
- Traffic from internal server to internal server
For the last one (internal server to internal server) we "usually" avoid UTM profiles for traffic that requires high performance, e.g. from some App server to some DB server.
When starting with IPS you can use the default profile since it's a good one for almost all cases; then, once you get familiar with configuring an IPS profile (read from the admin guide), you can optimize your own, e.g. using filters like Client, Server, Severity and so on.
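
An added example, not part of the thread and not Fortinet tooling: a Python check that reads a policy export in `show firewall policy` format and lists accept policies that have no `ips-sensor`, ordered by the priority list in the reply above. The sample config, interface names and zone mapping are constructed assumptions, and the parser handles one interface per `srcintf`/`dstintf`.

```python
import re
# Constructed sample export; policy names and interfaces are assumptions.
SAMPLE = '''config firewall policy
    edit 1
        set name "web-in"
        set srcintf "wan1"
        set dstintf "dmz"
        set action accept
        set ips-sensor "default"
    next
    edit 2
        set name "lan-out"
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
    next
    edit 3
        set name "dmz-to-lan"
        set srcintf "dmz"
        set dstintf "internal"
        set action accept
    next
end
'''
# Assumed interface-to-zone mapping; adjust to the device being audited.
ZONES = {"wan1": "WAN", "dmz": "DMZ", "internal": "LAN", "ssl.root": "VPN"}
# Traffic flows in the priority order given in the reply (first = most important).
PRIORITY = [("WAN", "DMZ"), ("DMZ", "LAN"), ("LAN", "WAN"), ("VPN", "LAN"), ("LAN", "LAN")]

def parse_policies(text):
    """Turn each 'edit N ... next' block into a dict of its 'set' keys."""
    policies, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"edit (\d+)$", line):
            cur = {"id": int(m.group(1))}
        elif cur is not None and (m := re.match(r'set (\S+) "?([^"]*)"?$', line)):
            cur[m.group(1)] = m.group(2)
        elif line == "next" and cur is not None:
            policies.append(cur)
            cur = None
    return policies

def missing_ips(text):
    """Return (policy id, name) for accept policies lacking an IPS sensor, by priority."""
    gaps = []
    for p in parse_policies(text):
        flow = (ZONES.get(p.get("srcintf")), ZONES.get(p.get("dstintf")))
        if p.get("action") == "accept" and "ips-sensor" not in p and flow in PRIORITY:
            gaps.append((PRIORITY.index(flow), p["id"], p.get("name", "")))
    return [(pid, name) for _, pid, name in sorted(gaps)]
```
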
