Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Marine25
New Contributor

IPS for Ebanking website

Hello Guys,

 

My customer has a Fortigate 1500d protecting its ebanking website ( server has SSL certificate)

 

He wants to deploy IPS for this ebanking.

 

Can you please advise if this is feasible without having certificate errors?

4 REPLIES 4
Marine25
New Contributor

Hello ,

 

Any ideas?

 

Thanks

crispy

You really want to be using a WAF for protecting a site like that. IPS is going to detect know exploits and by all means should be enabled. However you really should be looking at the requests for xss and other hacking and exploits. Although the Fortigate has a basic WAF function, it is not really suited to what you are wanting to use it for. You would end up with many false positives most likely causing everyone grief.

http://www.2000cn.com.au
Marine25

We are indeed including a WAF in the design (Barracuda). It will sit after the fortigate.

 

I wanted to add two layers of security: IPS + WAF.

 

But to achieve that i will need to install the private keys + the Cert on the fortigate. Is that correct?

crispy

Sorry for the late reply. You have probably already worked it out, but yes you would need to install the cert and key on the fortigate.

http://www.2000cn.com.au
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors