Hello, it is possible to filter SSLv3 packets via Fortigate?
There's a few snort rules that you can use but YMMV , in reality you should disable sslv3 support at the host:services. Within most case it a cfg line ( i.e apache2 ) or a software upgrade and disable via the software. Or if it's linux you can deploy a iptable rules once again YMMV and your success will vary.
If it's a fortigate (service) the only option is to look for a command configuration in the sys global or upgrade the unit fortiOS. You might get away with running FIPS mode of operation.
Do a search for SSLv3 iptables and/or SNORT and look at what it would take to convert the rules to a fortigate custom IPS sensor and test. I just did a SSLv3 identify and squash project like 3 months ago and we audit all inbound hosts and disable all services that support SSLv3, BUT we never did our outbound clients which is probably going to be the big threat. So the client browser is the weak spot.
So keep us update on what you do & the approach that you take.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.