Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TopJimmy
New Contributor

IPS Block Notification

I' ve got my IPS stuff set up to " block" an attempt. During a recent pentest the tester got these from outside (internet) when an IPS sensor would trigger: How do I get rid of this? Essentially I want anybody who triggers an IPS sensor to get nothing.
-TJ
-TJ
3 REPLIES 3
Carl_Wallmark
Valued Contributor

Could it be that the sensor is set to " Block" ? try to set it to " Reset"

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
TopJimmy

ORIGINAL: Selective Could it be that the sensor is set to " Block" ? try to set it to " Reset"
that' s what I thought too but I don' t think that a reset is the way to go. My understanding is that the source of the IPS trigger will get a RST whereas the block is more of a black hole. Maybe I' m wrong in thinking that.
-TJ
-TJ
lmuir
New Contributor

You could change the replacement message to a single space character " " . Then they essentially get nothing.
Labels
Top Kudoed Authors