Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
smartgate
New Contributor

Created on ‎01-24-2024 11:03 PM

What is fortigate IPS set status default ?

There is a set status default item in FORTIGATE IPS config. What does this do? I understand that enable/disable indicates the status of the signature/filter added to the IPS settings. But what happens when the status is set to default?

Labels:
435
0 Kudos
7 REPLIES 7
AEK
SuperUser
SuperUser

Created on ‎01-24-2024 11:09 PM

When it is set to default, the action for that signature is the one shown in the Action column.

AEK
AEK
426
rosatechnocrat
Contributor II

Created on ‎01-24-2024 11:09 PM

@smartgate : Are you reffering for the signature configuration. 

 

If referring to signature config -- then status default sets the action of the signature to default whatever defined in signature definition. Or you can change the signature from default to custom block. 

 

For more clarity , you might to share screenshot or config that you referring to... Even there is a default IPS Security Profile as well. 

Rosa Technocrat -- Also on YouTube---Please do Subscribe
Rosa Technocrat -- Also on YouTube---Please do Subscribe
425
0 Kudos
smartgate
New Contributor

Created on ‎01-24-2024 11:20 PM

It has been confirmed that the default IPS status setting operates according to the default status of each signature in the IPS signature category. Here's a question. Which signatures are registered with a status of disable? By what criteria is this selected, and is there a reason why this disabled signature does not seem to work?

418
0 Kudos
AEK
SuperUser
SuperUser
In response to smartgate

Created on ‎01-24-2024 11:35 PM

That's a good question.

I don't know the formal answer but in my opinion it can be related to one of the following:

  • Vulnerability is very old and is no more present on any nowadays systems
  • Vulnerability is not critical and does not have a so bad impact
  • Vulnerability can be confused with a needed functionality, so if it is blocked it can impact some other important functionality
AEK
AEK
405
rosatechnocrat
Contributor II

Created on ‎01-24-2024 11:26 PM

Disabled signatures are based on signature definitions update or manalluy disabled. 

To find out all disabled signatures , you can apply a column for status and filter with disabled. You can see below screenshot on how to find out disabled signatures. 

 

disabled sig.PNG

Rosa Technocrat -- Also on YouTube---Please do Subscribe
Rosa Technocrat -- Also on YouTube---Please do Subscribe
413
0 Kudos
smartgate
New Contributor

Created on ‎01-24-2024 11:36 PM

Yes, I know. What I'm curious about is that if you set the status to default and select a signature with the default status of disable like in this picture, this signature won't work, so I'm curious why there is a separate disable signature.11.png

 

403
0 Kudos
rosatechnocrat
Contributor II
In response to smartgate

Created on ‎01-25-2024 01:00 AM Edited on ‎01-25-2024 01:00 AM

As signature can be disabled manually as well instead of default status. 

Rosa Technocrat -- Also on YouTube---Please do Subscribe
Rosa Technocrat -- Also on YouTube---Please do Subscribe
360
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.