Application Signatures
The FortiProxy predefined signatures cover common attacks. If you use an unusual or specialized application or an uncommon platform, add custom signatures based on the security alerts released by the application and platform vendors.
You can create custom IPS signatures and custom application signatures to further extend protection. For example, you can use custom IPS signatures to protect unusual or specialized applications or even custom platforms from known and unknown attacks.
All custom signatures follow a particular syntax. Each begins with a header and is followed by one or more keywords. A custom signature definition is limited to a maximum length of 512 characters. A definition can be a single line or span multiple lines connected by a backslash (\) at the end of each line.
A custom signature definition begins with a header, followed by a set of keyword/value pairs enclosed by parenthesis [( )]. The keyword and value pairs are separated by a semicolon (;) and consist of a keyword and a value separated by a space. The following is the basic format of a definition:
HEADER (KEYWORD VALUE;)
You can use as many keyword/value pairs as required within the 512-character limit.
To view the available custom application signatures, go to Security Profiles > Application Signatures and click Signature. Custom application signatures are listed under a separate heading in the table. To create a custom application signature, see Create or edit an application signature.
To view the available custom application groups, go to Security Profiles > Application Signatures and click Group.To create a custom application group, see Create or edit an application group.