I am currently exploring the differences between IPS and APP, specifically in the context of securing HTTPS servers. Here is my rule for testing:
#For APP, working good at http, a lot of ip not blocking in https.
F-SBID(--name "Http 403"; --pattern "403 forbidden"; --protocol tcp; --no_case; --flow from_server;)
#For IPS, both http & https are working good.
F-SBID(--name "Http 403"; --pattern "403 forbidden"; --protocol tcp; --no_case; --flow from_server,reversed;)
1. IPS and APP can use the same syntax. If I want to protect an HTTPS server, should I use IPS or APP?
2. Have any more details about IPS and APP?
3. Looks like App have issue for https traffic, maybe is bug?
Hope this few info can help:
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.