New Features

IPS Baseline profile can be used together with an existing IPS profile 7.0.1

IPS Baseline Profiles add a weight value to the actions in an IPS signature. When an Intrusion Prevention profile contains a standard IPS signature and a baseline profile, the action with the higher weight will take effect. Use baseline profiles to create custom Intrusion Prevention profiles for specific endpoints in your network.
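
The weight rule above, sketched as an added example (not Fortinet code): it computes the per-signature final action that a Signature Action Preview would report, and lists what changes if the baseline is unset. The action labels, weight values and signature names are assumptions; the page says weights are fixed but does not list them.

```python
# ASSUMED_WEIGHTS are placeholder values, not Fortinet's real weights.
# Replace them with the weights shown for each action in your own deployment.
ASSUMED_WEIGHTS = {"pass": 1, "block": 2, "reset": 3}


def preview_actions(profile, baseline, weights=ASSUMED_WEIGHTS):
    """Return {signature: (final_action, source)} for one IPS profile.

    profile and baseline map signature name -> action. A signature present
    on only one side keeps that side's action (assumption of this sketch).
    """
    result = {}
    for sig in sorted(set(profile) | set(baseline)):
        candidates = []
        if sig in profile:
            candidates.append((weights[profile[sig]], "profile", profile[sig]))
        if sig in baseline:
            candidates.append((weights[baseline[sig]], "baseline", baseline[sig]))
        # Higher weight wins; an equal weight is attributed to the profile.
        _, source, action = max(candidates, key=lambda c: (c[0], c[1] == "profile"))
        result[sig] = (action, source)
    return result


def unset_impact(profile, baseline, weights=ASSUMED_WEIGHTS):
    """Signatures whose action changes if the baseline is removed.

    Returns {signature: (action_with_baseline, action_without)}; None means
    the signature is no longer covered by the profile at all.
    """
    merged = preview_actions(profile, baseline, weights)
    return {sig: (action, profile.get(sig))
            for sig, (action, source) in merged.items() if source == "baseline"}


# Constructed sample data: hypothetical signature names and actions.
PROFILE = {"Example.Sig.A": "pass", "Example.Sig.B": "reset", "Example.Sig.C": "block"}
BASELINE = {"Example.Sig.A": "block", "Example.Sig.B": "block", "Example.Sig.D": "block"}

if __name__ == "__main__":
    for sig, (action, source) in preview_actions(PROFILE, BASELINE).items():
        print(f"{sig}: {action} (from {source})")
    print("Changes if baseline is unset:", unset_impact(PROFILE, BASELINE))
```
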

To enable IPS Baseline Profiles:
  1. Go to System Settings > All ADOMs.
  2. In the Central Management pane, select an ADOM and click Edit in the toolbar.
  3. Next to Config IPS Baseline Profile, click Enable, then click OK.

  4. Go to Policy & Packages > Security Profiles. IPS Baseline Profile is displayed in the tree menu.

To add an IPS Baseline Profile entry:
  1. In the toolbar, click Create New.
  2. In the Name field, enter a name for the baseline profile.
  3. In the IPS Signatures toolbar, click Create New. The Create New IPS Signatures dialog is displayed.
  4. From the Action dropdown, select the action. Each action is assigned a non-configurable weight.
  5. Click OK.

  6. In the Change Note field, enter a change note, and click OK.

To add a Baseline Profile to an Intrusion Prevention profile:
  1. Go to Policy & Packages > Security Profiles > Intrusion Prevention.
  2. In the content pane, double-click a profile to edit it.
  3. From the IPS Baseline Sensor dropdown, select an IPS Baseline Profile, and click OK.

To view IPS Baseline actions in FortiOS:
  1. Go to Security Profiles > Intrusion Prevention.
  2. In the content pane, select an IPS signature, and click Edit.

    Standard IPS signatures display the items in the Action column in the default order.

    IPS Baseline Profiles display the items in the Action column by weight.

To preview an IPS Baseline action:
  1. Go to Policy & Objects.
  2. In the tree menu, go to Object Configurations > Security Profiles > Intrusion Prevention.
  3. In the content pane, right-click the signature you want to preview, and click Action Preview.

    The Signature Action Preview page displays the final action for each IPS signature.

  4. Admin users, or users with Read-Write permissions, can override or remove the baseline profile by clicking delete (x) next to the IPS Baseline Sensor dropdown.

To update the IPS Baseline Profile permissions in a profile:
  1. Go to System Settings > Admin > Profile, and click Standard_User.
  2. In the IPS Baseline Profile row, change the settings to Read-Write or Read-Only.

  3. To enable IPS Baseline Permissions for Restricted users, click Intrusion Prevention, and then enable Allow to Unset Baseline.

  4. Log in as a restricted user.
  5. Go to Intrusion Prevention > Profiles.
  6. In the content pane, double-click an IPS signature. The IPS Baseline Sensor dropdown is displayed.