IPS signatures for the operational technology security service
The FortiGuard Operational Technology (OT) includes both application control and intrusion prevention signatures for industrial applications and protocols. The OT attack definitions are only updated if the FortiGate has a valid OT Security Services license and an IPS security profile is used in a policy.
By default, OT signatures are excluded from the signature lists in the GUI.
To verify that the FortiGate has a valid OT Security Service license:
-
Go to System > FortiGuard.
-
In the License Information table, check the license status of Operational Technology (OT) Security Service.
-
Expand the Operational Technology (OT) Security Service entry to see the current versions.
To force the industrial DB attack definitions to update:
-
Optionally, create an IPS profile:
-
Go to Security Profiles > Intrusion Prevention and click Create New.
-
Enter a name for the profile.
-
In the IPS Signatures and Filters table click Create New.
-
Click OK.
-
Click OK.
See Intrusion prevention for more information.
-
-
Use the IPS profile in a policy:
-
Go to Policy & Objects > Firewall Policy.
-
Edit an existing policy, or click Create New to create a new policy.
-
Under Security Profiles, enable IPS and select an IPS profile.
-
Configure the remaining settings as needed, then click OK.
-
-
Go to System > FortiGuard and either click Update Licenses & Definitions Now, or wait for the next automatic update. The update could take a few minutes.
-
Refresh the page, then check the Operational Technology (OT) Security Service versions to confirm that they have been updated.
To make OT IPS and application control signatures available in the GUI:
config ips global set exclude-signatures none end
To view the signatures in the GUI:
-
Go to Security Profiles > Application Signatures and to find signatures that identify OT protocols.
-
Go to Security Profiles > IPS Signatures to find signatures that detect networks attacks that target OT assets.