There is a set status default item in FORTIGATE IPS config. What does this do? I understand that enable/disable indicates the status of the signature/filter added to the IPS settings. But what happens when the status is set to default?
When it is set to default, the action for that signature is the one shown in the Action column.
@smartgate : Are you reffering for the signature configuration.
If referring to signature config -- then status default sets the action of the signature to default whatever defined in signature definition. Or you can change the signature from default to custom block.
For more clarity , you might to share screenshot or config that you referring to... Even there is a default IPS Security Profile as well.
It has been confirmed that the default IPS status setting operates according to the default status of each signature in the IPS signature category. Here's a question. Which signatures are registered with a status of disable? By what criteria is this selected, and is there a reason why this disabled signature does not seem to work?
That's a good question.
I don't know the formal answer but in my opinion it can be related to one of the following:
Disabled signatures are based on signature definitions update or manalluy disabled.
To find out all disabled signatures , you can apply a column for status and filter with disabled. You can see below screenshot on how to find out disabled signatures.
Yes, I know. What I'm curious about is that if you set the status to default and select a signature with the default status of disable like in this picture, this signature won't work, so I'm curious why there is a separate disable signature.
Created on 01-25-2024 01:00 AM Edited on 01-25-2024 01:00 AM
As signature can be disabled manually as well instead of default status.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.