Solved! Go to Solution.
F-SBID( --attack_id 8151; --vuln_id 8151; --name " Windows.NT.5.Web.Surfing" ; --default_action drop_session; --service HTTP; --protocol tcp; --app_cat 25; --flow from_client; --pattern " Windows NT 5." ; --no_case; --context header; )Periods !@#" and others charactrers are a mother you have to escape them try this ( I got lazy with the periods :) ) show ips custom config ips custom edit " 1" set signature " F-SBID( --attack_id 8151; --name \" WindowsSurfing\" ; --default_action drop_session; --service HTTP; --protocol tcp; --app_cat 25; --flow from_client; --pattern \" Windows\" ; --no_case; --context header; )" next end Also imho I drop the vuln_id field is kinda of redundant imho but YMMV. You can follow my blog at http://socpuppet.blogspot.com/2013/01/writing-ips-rules-fortinet-style.html
PCNSE
NSE
StrongSwan
F-SBID( --attack_id 8151; --vuln_id 8151; --name " Windows.NT.5.Web.Surfing" ; --default_action drop_session; --service HTTP; --protocol tcp; --app_cat 25; --flow from_client; --pattern " Windows NT 5." ; --no_case; --context header; )Periods !@#" and others charactrers are a mother you have to escape them try this ( I got lazy with the periods :) ) show ips custom config ips custom edit " 1" set signature " F-SBID( --attack_id 8151; --name \" WindowsSurfing\" ; --default_action drop_session; --service HTTP; --protocol tcp; --app_cat 25; --flow from_client; --pattern \" Windows\" ; --no_case; --context header; )" next end Also imho I drop the vuln_id field is kinda of redundant imho but YMMV. You can follow my blog at http://socpuppet.blogspot.com/2013/01/writing-ips-rules-fortinet-style.html
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
F-SBID( --attack_id 8151;--vuln_id 8151; --name " Windows.NT.5.Web.Surfing" ; --default_action drop_session; --service HTTP; --protocol tcp; --app_cat 25; --flow from_client;--pattern " Windows NT 5." ; --no_case; --context header; )
PCNSE
NSE
StrongSwan
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.