Fortinet white logo
Fortinet white logo

Administration Guide

Intrusion prevention hold-time and CVE filtering

Intrusion prevention hold-time and CVE filtering

IPS signature filter options include hold-time and CVE pattern.

IPS signature hold-time

The hold-time option allows you to set the amount of time that signatures are held after a FortiGuard IPS signature update per VDOM. During the holding period, the signature's mode is monitor. The new signatures are enabled after the hold-time to avoid false positives.

The hold-time can be from 0 days and 0 hours (default) up to 7 days, in the format ##d##h.

Caution

This setting is configured for each FortiGate device and cannot be configured by restricted administrators.

For more information on configuring hold-time, see Intrusion prevention filtering options in Policy & Objects.

CVE pattern filters

The CVE pattern option allows you to filter IPS signatures based on CVE IDs or with a CVE wildcard, ensuring that any signatures tagged with that CVE are automatically included.

For more information on configuring CVE filters, see Intrusion prevention filtering options in Policy & Objects.

Intrusion prevention hold-time and CVE filtering

Intrusion prevention hold-time and CVE filtering

IPS signature filter options include hold-time and CVE pattern.

IPS signature hold-time

The hold-time option allows you to set the amount of time that signatures are held after a FortiGuard IPS signature update per VDOM. During the holding period, the signature's mode is monitor. The new signatures are enabled after the hold-time to avoid false positives.

The hold-time can be from 0 days and 0 hours (default) up to 7 days, in the format ##d##h.

Caution

This setting is configured for each FortiGate device and cannot be configured by restricted administrators.

For more information on configuring hold-time, see Intrusion prevention filtering options in Policy & Objects.

CVE pattern filters

The CVE pattern option allows you to filter IPS signatures based on CVE IDs or with a CVE wildcard, ensuring that any signatures tagged with that CVE are automatically included.

For more information on configuring CVE filters, see Intrusion prevention filtering options in Policy & Objects.