I noticed the new single-arm IDS feature in FortiOS v4, but there is no complete description of how to configure it. Simply placing "set ips-sniffer-mode enable" in the interface configuration seems to be insufficient. The documentation is silent about it too.
No, I don't understand how to configure the corresponding firewall policy with a protection profile. I have to set the relation between the interface and the selected IDS sensor.
You just have to choose which FTG interface will be the one that sniffs all the traffic, connect it to a hub or a switch span port, and define the new associated interface-policy. Include in it all the IPS sensors you want to monitor.
Two steps then:
1) enabling ips-sniffer-mode for the chosen interface
2) configuring the relevant interface-policy, including in it all the IPS sensors you want to monitor
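
The two steps above as a CLI sketch, added here as an illustration and not taken from the posts or from Fortinet documentation. The interface name `port2`, the policy ID `1` and the sensor name `all_default` are assumed sample values, and the field names follow the FortiOS 4.0 `config firewall interface-policy` syntax, which may differ on other releases.

```text
# Step 1: put the interface that receives the hub/span-port traffic
# into sniffer (one-arm) mode. "port2" is an assumed interface name.
config system interface
    edit "port2"
        set ips-sniffer-mode enable
    next
end

# Step 2: bind an IPS sensor to that interface with an interface-policy.
# Policy ID 1 and the sensor "all_default" are assumed sample values;
# substitute the sensor you actually want to monitor with.
config firewall interface-policy
    edit 1
        set interface "port2"
        set srcaddr "all"
        set dstaddr "all"
        set service "ANY"
        set ips-sensor-status enable
        set ips-sensor "all_default"
    next
end
```

Because the sniffer interface only receives a copy of the traffic, the sensor can log matches but cannot block them, so the attack log is the place to confirm that the policy is matching.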