
How to configure IPS on FortiGate firewall
To configure IPS on a FortiGate firewall, create or customize an IPS sensor under Security Profiles > Intrusion Prevention, then apply that sensor in the firewall policy that carries the traffic you want inspected.
An intrusion prevention system (IPS) protects a network and the hosts on it by detecting and blocking network-based attacks. On FortiGate, IPS is applied through sensors that select signatures either individually or through filters (severity, target, protocol, OS, application). Many vendors sell IPS as separate hardware or software; some firewall vendors instead bundle IPS into the firewall itself, making the appliance a unified threat management device.
In this article we will learn how to configure intrusion prevention (IPS) on a FortiGate firewall.
What is FortiGate Firewall IPS
FortiGate intrusion prevention is designed to provide real-time threat protection for networks. It uses both signature-based and anomaly-based detection to detect and prevent attacks. A FortiGate can apply IPS in any of three operational modes; each has its own benefits and limitations, and the choice depends on where the device is placed in the network.
- L3 (NAT/route mode): The FortiGate sits in an L3 network and routes traffic. IP addresses are configured statically or dynamically on each interface. In NAT/route mode, MAC-based addresses can be used as the source address of an IPS policy.
- Virtual wire mode: The FortiGate is deployed between two network segments as a virtual wire pair. It does not route or NAT the traffic; it only inspects what passes between the two interfaces.
- Transparent mode: The FortiGate acts as an L2 bridge. All interfaces in the same VDOM belong to the same L2 forwarding domain, so the device can be inserted without readdressing the network.
Configuring IPS on FortiGate Firewall
To configure IPS on a FortiGate firewall, follow the steps below. Steps 1 to 3 are performed on an external policy server that uses the FortiGate as an "Infranet Enforcer" (there is no Infranet Enforcer menu in FortiOS itself); steps 4 to 6 are performed in the FortiGate GUI.
Step 1
Choose Endpoint Policy > Infranet Enforcer
Step 2
Click New Infranet Enforcer and select FortiGate Firewall as the platform from the drop-down
Provide a name for the Infranet Enforcer, for example ‘FortiGate 12D’
Enter the FortiGate firewall IP address
Enter the shared secret
Enter the port number
Step 3
Click Save Changes, then create the policies on the FortiGate firewall that will enforce the traffic
FortiGate uses IPS sensors, which are collections of IPS signatures and filters that define what the IPS engine scans when the sensor is applied. A sensor can contain multiple signatures or filters, and custom IPS signatures can also be created and added to a sensor.
Step 4
From Security Profiles > Intrusion Prevention, create a new sensor or review the list of predefined sensors. FortiOS ships with the following predefined sensors, each with its own filter and action settings.
| IPS sensor | Description |
| --- | --- |
| all_default | Filters all predefined signatures and sets the action to each signature’s default action. |
| all_default_pass | Filters all predefined signatures and sets the action to pass (monitor only). |
| default | Filters all predefined signatures of Critical, High or Medium severity and sets the action to each signature’s default action. |
| high_security | Filters all predefined signatures of Critical, High or Medium severity and sets the action to block. Low severity signatures keep their default action. |
| protect_client | Filters on Target = Client to protect against client-side vulnerabilities. Sets the action to each signature’s default action. |
| protect_email_server | Filters on Target = Server and Protocol = IMAP, POP3 or SMTP to protect against email server-side vulnerabilities. Sets the action to each signature’s default action. |
| protect_http_server | Filters on Target = Server and Protocol = HTTP to protect against HTTP server-side vulnerabilities. Sets the action to each signature’s default action. |
| wifi-default | Filters all predefined signatures of Critical, High or Medium severity and sets the action to each signature’s default action. Intended for Wi-Fi traffic. |
The IPS engine does not check traffic against every signature by default. It only checks traffic against the signatures selected by the IPS sensor applied to the policy, so you must create (or choose) a sensor and specify which signatures and filters it uses.
Step 5
To view IPS sensors, go to Security Profiles > Intrusion Prevention; to create a new sensor, click ‘Create New’.
Step 6
Under IPS Signatures and Filters, click Create New to add either a set of individual signatures or a filter to the sensor.
Sensors can be built for specific types of traffic. FortiGuard periodically publishes new predefined signatures to counter new threats; a sensor that uses filters picks these up automatically whenever a new signature matches the filter’s criteria, whereas a sensor built from individually selected signatures does not.
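The following is an added example, not code from the original article, showing the same procedure from the FortiOS CLI: it builds a filter-based sensor for a DMZ web server (the filter approach described above), defines a custom signature (mentioned under Step 3), and attaches the sensor to the policy that carries the traffic. The sensor name, custom signature name and pattern, interface names, address object and policy ID are assumptions chosen for illustration.

```fortios
# Added example (not from the original article): FortiOS CLI equivalent of the
# GUI steps above. Sensor name, custom signature, interface names, address
# object and policy ID are assumptions chosen for illustration.

# 1. IPS sensor with one filter entry: server-side HTTP signatures of
#    medium/high/critical severity. "action default" keeps each signature's
#    FortiGuard-assigned action, so new signatures that match the filter are
#    picked up automatically after a FortiGuard update.
config ips sensor
    edit "web-servers"
        set comment "Protect DMZ HTTP servers"
        config entries
            edit 1
                set location server
                set protocol HTTP
                set severity medium high critical
                set status enable
                set log enable
                set action default
            next
        end
    next
end

# 2. Custom signature in Fortinet's F-SBID syntax: match a fixed User-Agent
#    string ("evil-scanner", constructed for this example) in client-to-server
#    HTTP headers. Custom signatures appear in the sensor's signature list in
#    the GUI; "show full-configuration ips custom" shows the auto-assigned
#    rule-id if you prefer to reference it from a sensor entry in the CLI.
config ips custom
    edit "Custom.HTTP.Scanner.UA"
        set signature "F-SBID( --name \"Custom.HTTP.Scanner.UA\"; --protocol tcp; --service HTTP; --flow from_client; --pattern \"evil-scanner\"; --context header; --no_case; )"
        set severity medium
        set location server
        set action block
        set status enable
        set log enable
    next
end

# 3. Attach the sensor to the policy that carries the traffic. Without
#    "utm-status enable" the ips-sensor setting is ignored. The
#    certificate-inspection profile shown here is the minimum; HTTPS payloads
#    are only visible to the IPS engine with a deep-inspection SSL profile.
config firewall policy
    edit 10
        set name "inet-to-dmz-web"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "dmz-web-vip"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "web-servers"
        set logtraffic all
    next
end

# 4. Verify: confirm the IPS engine and signature database are loaded, then
#    review IPS logs (log category 4) after sending test traffic.
diagnose test application ipsmonitor 1
execute log filter category 4
execute log display
```

When testing, generate an HTTP request with the constructed User-Agent from a client on the wan1 side and confirm a block entry for Custom.HTTP.Scanner.UA appears in the IPS log; if nothing is logged, check that the policy being hit is the one with the sensor attached, not an earlier, broader policy.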