Fortinet black logo

Online Help

Home FortiCNP 22.4.a Online Help
22.4.a
22.4.a
22.3.b
22.3.a

Create FortiGate IPS Sensor

Create FortiGate IPS Sensor

IPS Sensor will be created to attach to the firewall policy. An IPS Sensor defines the type of malicious files that needs to be blocked through FortiGate signature.

In this example, we will use a predefined IPS signature, "EICAR". An EICAR is a type of anti-malware test file that not harmful to the system. For more information on EICAR, please see https://www.eicar.org/download-anti-malware-testfile/.

  1. Log into FortiGate with your administrative account.
  2. Go to Security Profiles > Intrusion Prevention.
  3. Click +Create New to create an IPS sensor.
  4. Give a name the IPS Sensor, for example, "EICAR filter"

  5. Click Block malicious URLs to block malicious websites.
  6. In IPS Signatures and Filters, click +Create New.
  7. Add Signatures page will pop up for edit.

  8. In Type, select Signature to show the list of predefined IPS Signatures.
  9. Click Action drop down menu, select Block to block those requests.
  10. Enable Packet logging and Status.
  11. Search for the predefined signature - "EICAR".

  12. Click +Add Selected to add the "Eicar.Virus.Test.File".
  13. Click Ok to finish creating the IPS Signature.
  14. In Botnet C&C, select Block, then click OK to finish creating the IPS Sensor.

  15. Click OK to finish.

Previous
Next

Create FortiGate IPS Sensor

IPS Sensor will be created to attach to the firewall policy. An IPS Sensor defines the type of malicious files that needs to be blocked through FortiGate signature.

In this example, we will use a predefined IPS signature, "EICAR". An EICAR is a type of anti-malware test file that not harmful to the system. For more information on EICAR, please see https://www.eicar.org/download-anti-malware-testfile/.

  1. Log into FortiGate with your administrative account.
  2. Go to Security Profiles > Intrusion Prevention.
  3. Click +Create New to create an IPS sensor.
  4. Give a name the IPS Sensor, for example, "EICAR filter"

  5. Click Block malicious URLs to block malicious websites.
  6. In IPS Signatures and Filters, click +Create New.
  7. Add Signatures page will pop up for edit.

  8. In Type, select Signature to show the list of predefined IPS Signatures.
  9. Click Action drop down menu, select Block to block those requests.
  10. Enable Packet logging and Status.
  11. Search for the predefined signature - "EICAR".

  12. Click +Add Selected to add the "Eicar.Virus.Test.File".
  13. Click Ok to finish creating the IPS Signature.
  14. In Botnet C&C, select Block, then click OK to finish creating the IPS Sensor.

  15. Click OK to finish.

Previous
Next