Fortinet IPS does not block Joomla!.Core.Account.Creation.Privilege.Escalation Exploit
I have deployed Fortigate VM in AWS and all the licenses are active except Fortiguard. My issue is when I do a exploit to Joomla 3.4.4 instance placed behind the Fortigate VM through a Security Policy which has a IPS profile with all the IPS signatures selected, it does not get blocked, exploit success and user gets created on the Joomla instance.
I have no idea why Fortigate does not block that exploit attempt. And also I can find that specific signature in the IPS Signature database in my instance.
Can you capture a traffic of your exploit attempt and email it to email@example.com along with your FGT config file? We can then look deeper in to the issue. If you aren't comfortable with the full config, you can just email us the information for the firewall policy and IPS sensor you are using for testing.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.