Administration Guide

IPS signatures for the industrial security service

The FortiGuard Industrial Security Service (ISS) includes both application control and intrusion prevention signatures for industrial applications and protocols. The industrial database attack definitions are only updated if the FortiGate has a valid ISS license and an IPS security profile is used in a policy.

By default, industrial signatures are excluded from the signature lists in the GUI.

To verify that the FortiGate has a valid ISS license:
  1. Go to System > FortiGuard.

  2. In the License Information table, check the license status of Industrial DB.

  3. Expand the Industrial DB entry to see the current Industrial Attack Definitions version.

To force the industrial DB attack definitions to update:
  1. Optionally, create an IPS profile:

    1. Go to Security Profiles > Intrusion Prevention and click Create New.

    2. Enter a name for the profile.

    3. In the IPS Signatures and Filters table, click Create New.

    4. Click OK.

    5. Click OK.

    See Intrusion prevention for more information.

  2. Use the IPS profile in a policy:

    1. Go to Policy & Objects > Firewall Policy.

    2. Edit an existing policy, or click Create New to create a new policy.

    3. Under Security Profiles, enable IPS and select an IPS profile.

    4. Configure the remaining settings as needed, then click OK.

  3. Go to System > FortiGuard and either click Update Licenses & Definitions Now, or wait for the next automatic update. The update could take a few minutes.

  4. Refresh the page, then check the Industrial Attack Definitions version to confirm that they have been updated.

To make ISS IPS and application control signatures available in the GUI:
config ips global
    set exclude-signatures none
end

To view the signatures in the GUI:
  1. Go to Security Profiles > Application Signatures and search for industrial to find signatures that identify industrial protocols.

  2. Go to Security Profiles > IPS Signatures to find signatures that detect network attacks that target industrial assets.
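
The two configuration-side conditions described above (an IPS profile used in a policy, and `exclude-signatures none` for GUI visibility) can be checked offline against a configuration backup. This is an added example, not Fortinet code: the sample configuration is constructed, the function names are hypothetical, and it assumes that `utm-status`, `ips-sensor` and `status` are the firewall policy settings that show an active IPS profile. License status is not part of the configuration and is still checked under System > FortiGuard.

```python
SAMPLE_CONFIG = """\
config ips global
    set exclude-signatures none
end
config firewall policy
    edit 1
        set utm-status enable
        set ips-sensor "ot-ips"
    next
    edit 2
    next
    edit 3
        set status disable
        set utm-status enable
        set ips-sensor "default"
    next
end
"""  # constructed sample, not taken from a real device
def parse_sections(text):
    """Map each top-level table to {entry id (None = table-level): {key: value}}."""
    sections, section, entry, depth = {}, None, None, 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # top-level table, e.g. "firewall policy"
                section, entry = line[7:], None
                sections.setdefault(section, {None: {}})
        elif line == "end":
            depth -= 1
        elif depth != 1:
            continue  # skip nested tables such as the entries of an IPS sensor
        elif line.startswith("edit "):
            entry = line[5:].strip('"')
            sections[section][entry] = {}
        elif line == "next":
            entry = None
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            sections[section][entry][key] = value.strip('"')
    return sections

def iss_readiness(text):
    """Report GUI signature visibility and the enabled policies that use an IPS profile."""
    cfg = parse_sections(text)
    exclude = cfg.get("ips global", {}).get(None, {}).get("exclude-signatures")
    active = [pid for pid, p in cfg.get("firewall policy", {}).items()
              if pid is not None and p.get("utm-status") == "enable"
              and p.get("ips-sensor") and p.get("status") != "disable"]
    return {"signatures_visible": exclude == "none", "ips_policies": active}
```

An empty `ips_policies` list means no enabled policy references an IPS profile, which is the condition under which the industrial attack definitions are not updated.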
