Fortinet white logo
Fortinet white logo

Administration Guide

Intrusion prevention signatures

Intrusion prevention signatures

Use the IPS Signatures monitor page to see where a signature is used, create a new IPS profile, or add the signature to an existing profile.

Note

You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.

Note

To view the IPS Signatures page as a Restricted Administrator, see Intrusion prevention signatures.

Managing IPS Signatures

Right-click a signature in the page to view where the signature is used, or add it to a new or existing IPS profile.

To view where a signature is used:
  1. Right-click a signature, and select Where Used. The Where <signature_name> is used window displays.

  2. (Optional) Select a signature in the list, and click Edit to modify the signature.

  3. (Optional) Select a signature in the list, and click View to display the signature details.

To create a new IPS profile:
  1. Right-click a signature, and select Add to IPS Profile. The Add to IPS Profile dialog is displayed.

  2. Click Create New IPS Profile.

  3. In the Profile Name field, type a name for the profile.

  4. From the Action dropdown, select the profile action.

  5. (Optional) In the Comments field, describe the IPS profile.

  6. (Optional) Click Signatures to add more signatures to the profile.

  7. Click OK.

To add signatures to an existing profile:
  1. Right-click a signature, and select Add to IPS Profile. The Add to IPS Profile dialog is displayed.

  2. Click Profile(s) to select the profiles, and then click OK.

  3. In the Profile Name field, type a name for the profile.

  4. From the Action dropdown, select the profile action.

  5. (Optional) Click Signatures to add more signatures to the profile.

  6. Click OK.

To check device on-hold status:
  1. Go to Policy & Objects > Security Profiles > IPS Signatures.

  2. In the toolbar, click More > Check On-Hold Status.

  3. Select a device from the Device list dropdown, and click OK.
    The All On-Hold Signatures monitor is displayed showing the current list of on-hold IPS signatures for the selected device.

To make a signature global:

Right-click a signature, and select Promote to Global.

Viewing IPS Signature details

To view IPS Signature Information page, click the IPS signature name. The following information is displayed:

Section Description
Name The IPS signature name.
Risk Displays the risk level.
Summary Describes the threats and vulnerabilities detected by the IPS signature.
Affected Products Displays the products that are vulnerable to the attack.
Action Provides recommendations to prevent an attack.
Analysis Provides specific details about how the vulnerability can be exploited.
References A list of links you can visit for more information.
Miscellaneous The signature ID.

To view information about the signature ID in FortiGuard, click the ID link in the ID column.

Intrusion prevention signatures

Intrusion prevention signatures

Use the IPS Signatures monitor page to see where a signature is used, create a new IPS profile, or add the signature to an existing profile.

Note

You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.

Note

To view the IPS Signatures page as a Restricted Administrator, see Intrusion prevention signatures.

Managing IPS Signatures

Right-click a signature in the page to view where the signature is used, or add it to a new or existing IPS profile.

To view where a signature is used:
  1. Right-click a signature, and select Where Used. The Where <signature_name> is used window displays.

  2. (Optional) Select a signature in the list, and click Edit to modify the signature.

  3. (Optional) Select a signature in the list, and click View to display the signature details.

To create a new IPS profile:
  1. Right-click a signature, and select Add to IPS Profile. The Add to IPS Profile dialog is displayed.

  2. Click Create New IPS Profile.

  3. In the Profile Name field, type a name for the profile.

  4. From the Action dropdown, select the profile action.

  5. (Optional) In the Comments field, describe the IPS profile.

  6. (Optional) Click Signatures to add more signatures to the profile.

  7. Click OK.

To add signatures to an existing profile:
  1. Right-click a signature, and select Add to IPS Profile. The Add to IPS Profile dialog is displayed.

  2. Click Profile(s) to select the profiles, and then click OK.

  3. In the Profile Name field, type a name for the profile.

  4. From the Action dropdown, select the profile action.

  5. (Optional) Click Signatures to add more signatures to the profile.

  6. Click OK.

To check device on-hold status:
  1. Go to Policy & Objects > Security Profiles > IPS Signatures.

  2. In the toolbar, click More > Check On-Hold Status.

  3. Select a device from the Device list dropdown, and click OK.
    The All On-Hold Signatures monitor is displayed showing the current list of on-hold IPS signatures for the selected device.

To make a signature global:

Right-click a signature, and select Promote to Global.

Viewing IPS Signature details

To view IPS Signature Information page, click the IPS signature name. The following information is displayed:

Section Description
Name The IPS signature name.
Risk Displays the risk level.
Summary Describes the threats and vulnerabilities detected by the IPS signature.
Affected Products Displays the products that are vulnerable to the attack.
Action Provides recommendations to prevent an attack.
Analysis Provides specific details about how the vulnerability can be exploited.
References A list of links you can visit for more information.
Miscellaneous The signature ID.

To view information about the signature ID in FortiGuard, click the ID link in the ID column.