Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
smartgate
New Contributor

What is fortigate IPS set status default ?

There is a set status default item in FORTIGATE IPS config. What does this do? I understand that enable/disable indicates the status of the signature/filter added to the IPS settings. But what happens when the status is set to default?

7 REPLIES 7
AEK
Honored Contributor II

When it is set to default, the action for that signature is the one shown in the Action column.

AEK
AEK
rosatechnocrat
Contributor II

@smartgate : Are you reffering for the signature configuration. 

 

If referring to signature config -- then status default sets the action of the signature to default whatever defined in signature definition. Or you can change the signature from default to custom block. 

 

For more clarity , you might to share screenshot or config that you referring to... Even there is a default IPS Security Profile as well. 

Rosa Technocrat -- Also on YouTube---Please do Subscribe
Rosa Technocrat -- Also on YouTube---Please do Subscribe
smartgate
New Contributor

It has been confirmed that the default IPS status setting operates according to the default status of each signature in the IPS signature category. Here's a question. Which signatures are registered with a status of disable? By what criteria is this selected, and is there a reason why this disabled signature does not seem to work?

AEK
Honored Contributor II

That's a good question.

I don't know the formal answer but in my opinion it can be related to one of the following:

  • Vulnerability is very old and is no more present on any nowadays systems
  • Vulnerability is not critical and does not have a so bad impact
  • Vulnerability can be confused with a needed functionality, so if it is blocked it can impact some other important functionality
AEK
AEK
rosatechnocrat
Contributor II

Disabled signatures are based on signature definitions update or manalluy disabled. 

To find out all disabled signatures , you can apply a column for status and filter with disabled. You can see below screenshot on how to find out disabled signatures. 

 

disabled sig.PNG

Rosa Technocrat -- Also on YouTube---Please do Subscribe
Rosa Technocrat -- Also on YouTube---Please do Subscribe
smartgate
New Contributor

Yes, I know. What I'm curious about is that if you set the status to default and select a signature with the default status of disable like in this picture, this signature won't work, so I'm curious why there is a separate disable signature.11.png

 

rosatechnocrat

As signature can be disabled manually as well instead of default status. 

Rosa Technocrat -- Also on YouTube---Please do Subscribe
Rosa Technocrat -- Also on YouTube---Please do Subscribe
Labels
Top Kudoed Authors