Fortinet Document Library

Version:


Table of Contents

More Links

IPS signature filter options

New Features

7.0.0
Download PDF
Copy Link

Highlight on hold IPS signatures

IPS signatures that are on hold (administrator-added delay for activation time) are highlighted in the GUI as follows:

  • On hold signatures are grayed out with an hourglass icon beside the signature name.
  • The signature tooltip displays the on hold expiry time.
  • Users can still use on hold signatures in an IPS sensor profile; however, the profile will not block matching traffic. It will monitor it instead (logging in effect) until the on hold time expires.

After a hold time is configured in the CLI, go to Security Profiles > IPS Signatures. In this example, the Adobe.Reader.Annots.api.setProps.Use.After.Free signature is on hold. Hover over the grayed-out entry to view the tooltip, which includes the action and hold time expiry. On this page, all on hold signatures are displayed as on hold regardless of whether override-signature-hold-by-id is enabled.

The same tooltip is available on the Edit IPS Sensor (Security Profiles > Intrusion Prevention) page when creating or editing the IPS signatures. In the Add Signatures pane when the Type is Signature, signatures on hold are only displayed as on hold if override-signature-hold-by-id is enabled.

More Links

Highlight on hold IPS signatures

IPS signatures that are on hold (administrator-added delay for activation time) are highlighted in the GUI as follows:

  • On hold signatures are grayed out with an hourglass icon beside the signature name.
  • The signature tooltip displays the on hold expiry time.
  • Users can still use on hold signatures in an IPS sensor profile; however, the profile will not block matching traffic. It will monitor it instead (logging in effect) until the on hold time expires.

After a hold time is configured in the CLI, go to Security Profiles > IPS Signatures. In this example, the Adobe.Reader.Annots.api.setProps.Use.After.Free signature is on hold. Hover over the grayed-out entry to view the tooltip, which includes the action and hold time expiry. On this page, all on hold signatures are displayed as on hold regardless of whether override-signature-hold-by-id is enabled.

The same tooltip is available on the Edit IPS Sensor (Security Profiles > Intrusion Prevention) page when creating or editing the IPS signatures. In the Add Signatures pane when the Type is Signature, signatures on hold are only displayed as on hold if override-signature-hold-by-id is enabled.