Not applicable

Single-arm IDS in FortiOS v4

I noticed the new single-arm IDS feature in FortiOS v4, but no complete description of how to configure it. Simply placing "set ips-sniffer-mode enable" in the interface configuration seems to be insufficient. The documentation is silent about it too.
UkWizard
New Contributor

The v4 admin guide explains it quite well, I thought?
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

No, I don't understand how to configure the corresponding firewall policy with a protection profile. I have to set the relation between the interface and the selected IDS sensor.
abelio
Valued Contributor

ORIGINAL: gry73 No, I don't understand how to configure the corresponding firewall policy with a protection profile. I have to set the relation between the interface and the selected IDS sensor.

Hi, you just have to choose which FTG's interface will be the one that sniffs all the traffic, connect it to a hub or a switch SPAN port, and define the new associated interface-policy. Include in it all the IPS sensors you want to monitor. Two steps then:
1) enable ips-sniffer-mode for the chosen interface
2) configure the relevant interface-policy, including in it all the IPS sensors you want to monitor

regards


__ Abel

UkWizard
New Contributor

I would take a guess and say either: v3 firmware - Int -> Int, or v4 firmware - any -> any
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

Thank you, it works now. Necessary configuration:

config firewall interface-policy
    edit 1
        set interface ...
        set ips-sensor-status enable
        set ips-sensor ...
    next
end
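The thread's conclusion is that enabling ips-sniffer-mode alone inspects nothing until an interface-policy binds an enabled IPS sensor to that interface. The following check over a configuration backup is an added example, not code from any poster or from Fortinet: it assumes flat config/edit/set blocks with the interface setting under `config system interface`, and the interface names and the sensor name `example-sensor` are constructed.

```python
import shlex

# Constructed sample backup: port2 is complete, port3 only has sniffer mode on.
SAMPLE_CONFIG = '''\
config system interface
    edit "port2"
        set ips-sniffer-mode enable
    next
    edit "port3"
        set ips-sniffer-mode enable
    next
end
config firewall interface-policy
    edit 1
        set interface "port2"
        set ips-sensor-status enable
        set ips-sensor "example-sensor"
    next
end
'''

def parse_sections(text):
    """Return {section: {entry: {key: value}}} for flat config/edit/set blocks."""
    sections, section, entry = {}, None, None
    for raw in text.splitlines():
        tokens = shlex.split(raw) or [""]   # blank lines match no keyword
        if tokens[0] == "config" and section is None:
            section = " ".join(tokens[1:])
            sections.setdefault(section, {})
        elif tokens[0] == "edit" and section is not None and len(tokens) > 1:
            entry = sections[section].setdefault(tokens[1], {})
        elif tokens[0] == "set" and entry is not None and len(tokens) > 2:
            entry[tokens[1]] = " ".join(tokens[2:])
        elif tokens[0] == "next":
            entry = None
        elif tokens[0] == "end":
            section, entry = None, None
    return sections

def sniffers_without_sensor(text):
    """Sniffer-mode interfaces with no interface-policy carrying an enabled sensor."""
    cfg = parse_sections(text)
    sniffers = [name for name, s in cfg.get("system interface", {}).items()
                if s.get("ips-sniffer-mode") == "enable"]
    covered = {p.get("interface") for p in cfg.get("firewall interface-policy", {}).values()
               if p.get("ips-sensor-status") == "enable" and p.get("ips-sensor")}
    return [name for name in sniffers if name not in covered]
```

Calling `sniffers_without_sensor(SAMPLE_CONFIG)` reports port3, the interface left in the state described in the first post.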