Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FortiSpain
New Contributor II

Created on ‎01-18-2026 02:09 PM

IPS Signatures

Hi,

 

We owe a Fortinet Fortigate 50G in a domestic environment. In the section "IPS Signatures", we can see more than 5864 entries. 84% is blocked but 16% shows "pass":

 

Here you have a few examples:

 

Captura de pantalla 2026-01-18 a las 23.05.50.pngCaptura de pantalla 2026-01-18 a las 23.05.41.png

 

Does this mean a risk for our installation? Would it be better to have them all marked as "Block"? If positive, how can I change the action?

 

Thank you

 

Labels:
373
0 Kudos
18 REPLIES 18
FortiSpain
New Contributor II
In response to mpapisetty

Created on ‎01-21-2026 04:24 PM

Thank you.

 

Is the following correct as policy?

Captura de pantalla 2026-01-22 a las 1.22.43.pngCaptura de pantalla 2026-01-22 a las 1.22.56.png

 

Thank you

108
0 Kudos
mpapisetty
Staff
Staff
In response to FortiSpain

Created on ‎01-21-2026 04:25 PM

yes, that policy should do. 

HTH
Manoj Papisetty
105
0 Kudos
FortiSpain
New Contributor II
In response to mpapisetty

Created on ‎01-21-2026 05:06 PM

Thank you. Now, please, where do I have to go to run the commands you said?

 

 

96
0 Kudos
mpapisetty
Staff
Staff
In response to FortiSpain

Created on ‎01-21-2026 05:08 PM

just open the CLI console and run them directly at the # prompt. 

HTH
Manoj Papisetty
93
0 Kudos
FortiSpain
New Contributor II
In response to mpapisetty

Created on ‎01-21-2026 05:33 PM

Hi again!

 

Done! Now, instead of 5000 entries, I can see almost 20000 IPS signatures. I am very happy!

 

I would like to set everything as BLOCKED. What do I have to do?

 

Thanks again!

84
0 Kudos
mpapisetty
Staff
Staff
In response to FortiSpain

Created on ‎01-21-2026 05:38 PM

Hi @FortiSpain ,

I would not recommend doing that unless you are confident about each of the signatures and the traffic in the network. As such, it is best to leave it to FortiGuard to decide what should be allow and what should be block as it works for most network deployments. Otherwise, you may have traffic blocked as false positives. 

 

If you would like to go ahead with it anyway, then you can create a new IPS sensor from "Security Profiles"->"Intrusion Prevention"->"Create New", add all signatures and change the action to block. (as shown in the image attached)

 

HTH
Manoj Papisetty
Preview file
30 KB
81
0 Kudos
FortiSpain
New Contributor II
In response to mpapisetty

Created on ‎01-21-2026 05:53 PM

If you do not recommend, then i will leave it as it is. 

Thank you.

 

All the best!

77
0 Kudos
mpapisetty
Staff
Staff
In response to FortiSpain

Created on ‎01-21-2026 07:20 PM

Glad that the issue is resolved. Kindly mark the relevant comments as solution so that others can benefit from the same. 

HTH
Manoj Papisetty
74
0 Kudos
FortiSpain
New Contributor II

Created on ‎01-21-2026 04:26 PM

... I have added "all" in "Service"

103
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.