An IPS (intrusion prevention system) is a monitor that is set up to scan traffic on your network, identify potential threats, and take the steps needed to eliminate them. An IPS device, much like a firewall, sits in-line on your network and can take automatic action on all network traffic flows. In this instance, the IPS scanner is a feature of the firewall (FortiGate 60D). FortiGate uses signature-based detection to identify threats (the other detection method is statistical anomaly-based detection).
To perform the following steps, you must have a FortiGate 60D with an active subscription to Fortinet's signature database.
The first step is to create an IPS sensor by going to Security Profiles, then Intrusion Protection.
Select "Create New" at the top of the Edit IPS Sensor window.
Create a name for your new IPS Sensor and an optional comment for future clarity.
Press OK to save changes.
The second step is to add an IPS filter to the sensor you just created. Go back to Intrusion Protection on the configuration page and select your recently created IPS sensor.
Under IPS Filters, select "Add Filter".
Configure the filter based on your internal network needs. Signatures that match any of the characteristics you specify will be applied. Once done, select Use Filters and click Apply.
The next step is to choose the action taken when the IPS detects a signature. You can Pass, Monitor, Block, Reset, Default, Quarantine or Log Packets. Tailor the actions to the needs of your network.
Head to the Security Policy page and turn on IPS. Make sure to select the IPS Sensor you created from the list.
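The same sensor, filter, action and policy steps can also be expressed in the FortiOS CLI. The block below is an added example, not taken from the original article: the sensor name "Example-IPS", the policy ID 1 and the chosen severities are hypothetical, and the syntax assumes a FortiOS 5.x/6.0 build as run on a 60D, so confirm each option with the CLI's "?" help on your firmware.

```fortios
# Annotation lines starting with "#" are for the reader; omit them when pasting.
# "Example-IPS" and policy ID 1 are hypothetical placeholders.
config ips sensor
    edit "Example-IPS"
        set comment "Added example: block high and critical server-side signatures"
        config entries
            edit 1
                # Filter: which signatures this entry selects
                set severity high critical
                set location server
                # Action when a selected signature is detected
                set action block
                set status enable
                set log enable
                # Keep a packet capture of the match for later review
                set log-packet enable
            next
            edit 2
                # All remaining signatures keep their Fortinet default action
                set action default
                set status default
            next
        end
    next
end

# Turn on IPS in the security policy and select the sensor
config firewall policy
    edit 1
        set utm-status enable
        set ips-sensor "Example-IPS"
    next
end
```

Running "show ips sensor Example-IPS" afterwards prints the stored entries, so you can check that the filter and action match what the GUI shows.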