Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
James3
New Contributor

Created on ‎07-13-2024 07:21 PM Edited on ‎07-13-2024 07:31 PM

What is the Difference Between IPS and APP?

I am currently exploring the differences between IPS and APP, specifically in the context of securing HTTPS servers. Here is my rule for testing:

 

 

 

#For APP, working good at http, a lot of ip not blocking in https.
F-SBID(--name "Http 403"; --pattern "403 forbidden"; --protocol tcp; --no_case; --flow from_server;)

#For IPS, both http & https are working good.
F-SBID(--name "Http 403"; --pattern "403 forbidden"; --protocol tcp; --no_case; --flow from_server,reversed;)

 

 

 

 

1. IPS and APP can use the same syntax. If I want to protect an HTTPS server, should I use IPS or APP?

2. Have any more details about IPS and APP?

3. Looks like App have issue for https traffic, maybe is bug?

436
0 Kudos
1 REPLY 1
AEK
SuperUser
SuperUser

Created on ‎07-14-2024 02:34 AM

Hope this few info can help:

  • IPS and App signatures are basically similar, with same syntax, and work in the same way
  • You use App signature to recognize the application behind the traffic, and you use IPS to recognize the attack (and block it if configured so)
AEK
AEK
385
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.