Intrusion prevention signatures
Use the IPS Signatures monitor page to see where a signature is used, create a new IPS profile, or add the signature to an existing profile.
You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature. |
To view the IPS Signatures page as a Restricted Administrator, see Intrusion prevention signatures. |
Managing IPS Signatures
Right-click a signature in the page to view where the signature is used, or add it to a new or existing IPS profile.
To view where a signature is used:
-
Right-click a signature, and select Where Used. The Where <signature_name> is used window displays.
-
(Optional) Select a signature in the list, and click Edit to modify the signature.
-
(Optional) Select a signature in the list, and click View to display the signature details.
To create a new IPS profile:
-
Right-click a signature, and select Add to IPS Profile. The Add to IPS Profile dialog is displayed.
-
Click Create New IPS Profile.
-
In the Profile Name field, type a name for the profile.
-
From the Action dropdown, select the profile action.
-
(Optional) In the Comments field, describe the IPS profile.
-
(Optional) Click Signatures to add more signatures to the profile.
-
Click OK.
To add signatures to an existing profile:
-
Right-click a signature, and select Add to IPS Profile. The Add to IPS Profile dialog is displayed.
-
Click Profile(s) to select the profiles, and then click OK.
-
In the Profile Name field, type a name for the profile.
-
From the Action dropdown, select the profile action.
-
(Optional) Click Signatures to add more signatures to the profile.
-
Click OK.
To check device on-hold status:
-
Go to Policy & Objects > Security Profiles > IPS Signatures.
-
In the toolbar, click More > Check On-Hold Status.
-
Select a device from the Device list dropdown, and click OK.
The All On-Hold Signatures monitor is displayed showing the current list of on-hold IPS signatures for the selected device.
To make a signature global:
Right-click a signature, and select Promote to Global.
Viewing IPS Signature details
To view IPS Signature Information page, click the IPS signature name. The following information is displayed:
Section | Description |
---|---|
Name | The IPS signature name. |
Risk | Displays the risk level. |
Summary | Describes the threats and vulnerabilities detected by the IPS signature. |
Affected Products | Displays the products that are vulnerable to the attack. |
Action | Provides recommendations to prevent an attack. |
Analysis | Provides specific details about how the vulnerability can be exploited. |
References | A list of links you can visit for more information. |
Miscellaneous | The signature ID. |
To view information about the signature ID in FortiGuard, click the ID link in the ID column.