IPS sensor designed with three layers: header, footer and regular sensors 7.0.3
Starting in FortiManager 7.0.3, IPS sensors are designed with three layers: A header and footer managed from the Global ADOM, and regular sensors which are ADOM specific.
IPS sensors are processed from top to bottom in the following order: header IPS sensor, body (regular) IPS sensor, and footer IPS sensor. The first signature match dictates the action of the signature to be installed on FortiGate.
To configure each IPS sensor layer:
- In FortiManager, enter the Global Database ADOM, and go to Header/Footer IPS.
- Click Create New to create new IPS header and footers.
- Enter a name, and click Create New under IPS Signatures and Filters to add IPS headers and/or footers.
- Click OK to save your changes.
- Select the IPS header/footer sensor in the table, and click ADOM Assignments.
The ADOM Assignments dialog appears, and you can define the sensor's assignment scope by selecting the ADOMs where the sensor can be applied. - Select the IPS header/footer sensor in the table, and click Assign/Unassign.
The Assign/Unassign dialog appears, and you can assign the sensor to one or more ADOMs defined in ADOM Assignments. - Enter the non-global ADOM where you want to create the normal IPS sensor.
- Go to Policy & Objects > Object Configurations > Intrusion Prevention, and click Create New to create a new ADOM specific IPS sensor or Edit to view an existing sensor.
- Under IPS Signatures and Filters, IPS header and footers created in the Global ADOM are applied to the sensor profile.