Fortinet black logo

Administration Guide

Intrusion Prevention

Intrusion Prevention

Use intrusion prevention to detect and block network-based attacks.

To create a profile:
  1. Log in as a Restricted Administrator.
  2. In the tree menu, select Intrusion Prevention, and then select a profile category.
  3. In the toolbar, click Create New.
  4. Configure the profile settings, and click OK.
Tooltip

To clone an existing profile, right-click the profile in the content pane, and select Clone.

To edit a profile:
  1. Log in as a Restricted Administrator.
  2. In the tree menu, select Intrusion Prevention, and then select a profile category.
  3. In the content pane, select a profile, and take one of the following actions:
    • In the toolbar, click Edit.
    • Right-click the profile, and select Edit.
  4. Edit the settings, and click OK.

Name

The profile name.

Comment

Optionally, enter a description of the profile.

IPS Signatures

Click Add Signatures to add IPS signatures to the table. The signatures list can be filtered to simplify adding them.

To add or edit a signature's IP exemptions, select a signature then click Edit IP Exemptions.

Right-click on a signature to change the action (Pass, Monitor, Block, Reset, Default, or Quarantine), and to enable or disable Packet Logging.

IPS Filters

Click Add Filter to add IPS filters to the table. The filters list can be searched and filtered to simplify adding them.

Right-click on a signature to change the action (Pass, Monitor, Block, Reset, Default, or Quarantine), and to enable or disable Packet Logging.

Rate Based Signatures

Enable the required rate based signatures, then configure its options: Threshold, Duration, Track By, Action, and Block Duration.

Advanced Options

Enable or disable blocking malicious URLs.

Intrusion Prevention

Use intrusion prevention to detect and block network-based attacks.

To create a profile:
  1. Log in as a Restricted Administrator.
  2. In the tree menu, select Intrusion Prevention, and then select a profile category.
  3. In the toolbar, click Create New.
  4. Configure the profile settings, and click OK.
Tooltip

To clone an existing profile, right-click the profile in the content pane, and select Clone.

To edit a profile:
  1. Log in as a Restricted Administrator.
  2. In the tree menu, select Intrusion Prevention, and then select a profile category.
  3. In the content pane, select a profile, and take one of the following actions:
    • In the toolbar, click Edit.
    • Right-click the profile, and select Edit.
  4. Edit the settings, and click OK.

Name

The profile name.

Comment

Optionally, enter a description of the profile.

IPS Signatures

Click Add Signatures to add IPS signatures to the table. The signatures list can be filtered to simplify adding them.

To add or edit a signature's IP exemptions, select a signature then click Edit IP Exemptions.

Right-click on a signature to change the action (Pass, Monitor, Block, Reset, Default, or Quarantine), and to enable or disable Packet Logging.

IPS Filters

Click Add Filter to add IPS filters to the table. The filters list can be searched and filtered to simplify adding them.

Right-click on a signature to change the action (Pass, Monitor, Block, Reset, Default, or Quarantine), and to enable or disable Packet Logging.

Rate Based Signatures

Enable the required rate based signatures, then configure its options: Threshold, Duration, Track By, Action, and Block Duration.

Advanced Options

Enable or disable blocking malicious URLs.