Fortinet black logo

IPS Architecture Guide

Home FortiGate / FortiOS 7.4.0 IPS Architecture Guide
7.4.0
7.4.0

Enterprise edge

Enterprise edge

A network perimeter is the secured boundary between the private and locally managed side of a network, often a company’s intranet, and the public facing side of a network, often the Internet. IPS is typically deployed at this edge to protect the internal network from external threats such as malware, hacking attempts, and other malicious activities. In addition, perimeter IPS protects outbound traffic, such as critical assets reaching public networks. The IPS is typically placed in-line with the traffic flow at the edge of the network, between the perimeter firewall and the internal network.

IPS is commonly applied in the following locations within the enterprise edge:

Internet to server

In effective perimeter networks, incoming packets flow through security appliances that are hosted in secure subnets, before the packets can reach back-end servers. Security appliances include firewalls, network virtual appliances (NVAs), and other intrusion detection and prevention systems. Internet-bound packets from workloads must also flow through security appliances in the perimeter network before they can arrive the secure network.

Usually, central IT teams and security teams are responsible for defining operational requirements for perimeter networks. Perimeter networks can provide policy enforcement, inspection, and auditing.

When creating IPS rules to protect the backend servers, deep packet inspection is also required. For details how to select deep packet inspection profiles, see the deployment documentation.

Client Internet access

Vulnerabilities on client applications, like web browsers, are an increasing attack vector. Client to Internet IPS protection is becoming more important. Enabling client-targeted IPS signatures on general Internet policies is common practice as minimum IPS protection.

Remote access

IPS is applied to remote access connections such as VPNs to ensure that only authorized users are allowed to access the network. This includes analyzing remote access traffic for suspicious activity, such as brute force attacks or unauthorized access attempts.

Cloud service access

You can apply IPS to cloud services to protect against threats originating from cloud-based applications and services. This includes analyzing traffic to and from cloud services, such as cloud-based email or storage services, to detect and prevent malicious activity.

Partner connections

You can apply IPS to partner connections, such as connections to other corporate networks or third-party vendors, to ensure that these connections do not pose a threat to the internal network. This includes analyzing partner traffic for suspicious activity and blocking any malicious activity before it can reach the internal network.

Previous
Next

Enterprise edge

A network perimeter is the secured boundary between the private and locally managed side of a network, often a company’s intranet, and the public facing side of a network, often the Internet. IPS is typically deployed at this edge to protect the internal network from external threats such as malware, hacking attempts, and other malicious activities. In addition, perimeter IPS protects outbound traffic, such as critical assets reaching public networks. The IPS is typically placed in-line with the traffic flow at the edge of the network, between the perimeter firewall and the internal network.

IPS is commonly applied in the following locations within the enterprise edge:

Internet to server

In effective perimeter networks, incoming packets flow through security appliances that are hosted in secure subnets, before the packets can reach back-end servers. Security appliances include firewalls, network virtual appliances (NVAs), and other intrusion detection and prevention systems. Internet-bound packets from workloads must also flow through security appliances in the perimeter network before they can arrive the secure network.

Usually, central IT teams and security teams are responsible for defining operational requirements for perimeter networks. Perimeter networks can provide policy enforcement, inspection, and auditing.

When creating IPS rules to protect the backend servers, deep packet inspection is also required. For details how to select deep packet inspection profiles, see the deployment documentation.

Client Internet access

Vulnerabilities on client applications, like web browsers, are an increasing attack vector. Client to Internet IPS protection is becoming more important. Enabling client-targeted IPS signatures on general Internet policies is common practice as minimum IPS protection.

Remote access

IPS is applied to remote access connections such as VPNs to ensure that only authorized users are allowed to access the network. This includes analyzing remote access traffic for suspicious activity, such as brute force attacks or unauthorized access attempts.

Cloud service access

You can apply IPS to cloud services to protect against threats originating from cloud-based applications and services. This includes analyzing traffic to and from cloud services, such as cloud-based email or storage services, to detect and prevent malicious activity.

Partner connections

You can apply IPS to partner connections, such as connections to other corporate networks or third-party vendors, to ensure that these connections do not pose a threat to the internal network. This includes analyzing partner traffic for suspicious activity and blocking any malicious activity before it can reach the internal network.

Previous
Next