Predefined IPS signature settings

marypoppins · ‎10-11-2022

Dear All,

Could you please tell me how can I view the settings (F-SBID) of predefined ips signatures? Also where can I modify the rate/limit setting for example for the SMTP.Login.Brute.Force ? Especially in CLI?

Thank you

fortigate 600e

pminarik · ‎10-12-2022

It's the same in 6.4 and 7.0/7.2. If you're not too familiar with it, perhaps GUI will be easier. You need to pick the specific signature(s), and then switch "Rate-based settings" to "specify". Then you will be able to set the threshold and duration.

GUI IPS signature filter rate-based settings

[ corrections always welcome ]

View solution in original post

gfleming · ‎10-11-2022

Here is the documentation to modify the rate-based settings: https://docs.fortinet.com/document/fortigate/7.2.2/administration-guide/419589/ips-configuration-opt...

Unfortunately I am fairly certain there is no way to view the F-SBID of the predefined IPS signatures. TAC can help you modify them as needed, though, on a case-by-case basis.

Cheers,
Graham

marypoppins · ‎10-12-2022

Sorry forgot to mention, version 6.4
I can not find its equivalent in the 6.4 version docs :(

pminarik · ‎10-12-2022

It's the same in 6.4 and 7.0/7.2. If you're not too familiar with it, perhaps GUI will be easier. You need to pick the specific signature(s), and then switch "Rate-based settings" to "specify". Then you will be able to set the threshold and duration.

GUI IPS signature filter rate-based settings

[ corrections always welcome ]

marypoppins · ‎10-13-2022

Ohh, I could not see the forest for the tree! And it also obvious in cli now.

Thank you

Predefined IPS signature settings

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website