Thursday, December 16, 2021

Optimization of FortiGate IPS



  1. Select IPS signatures according to the infrastructure environment.
     Eg:- if there are no Linux servers, the Linux-specific signatures can be disabled (by default an IPS sensor matches TCP/IP traffic against signatures for all operating systems).
  2. Do not apply an IPS profile to interzone-to-interzone or inside-interface-to-inside-interface traffic unless a segmentation requirement calls for inspecting east-west traffic; every extra flow sent through the IPS costs FortiGate memory and CPU.
  3. Only apply an IPS security profile (in a firewall policy) on traffic from the inside zone to the outside zone.
  4. Always create the IPS profile as a global profile (in the Global VDOM, where profile names are prefixed with g-) and reference it from the other VDOMs instead of duplicating it per VDOM.
  5. Always trigger the IPS engine update manually with #execute update-ips from the global CLI if updates are not arriving from the FortiGuard cloud.


  • Always check the FortiGate OS compatibility with the IPS engine.



  • In this case the IPS engine was outdated for the FortiOS 6.4.2 build (see the picture above).
  • Once the IPS engine is upgraded, we must restart it using:


    # diag test app ipsmonitor 99        (from the global CLI; option 99 restarts all IPS engine processes)

    # diag autoupdate versions | grep "IPS Attack" -A 6    (shows the installed IPS engine version and update status from the CLI)

IPS Attack Engine
---------
Version: 6.00036
Contract Expiry Date: Sat Jan 16 2021
Last Updated using manual update on Mon Aug 31 14:17:05 2020
Last Update Attempt: Mon Oct  5 22:49:27 2020
Result: No Updates
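The five recommendations and the update steps above, put together as one FortiOS CLI session on a multi-VDOM unit. This is an added example, not configuration from the original post, and the names in it are assumptions: the sensor g-inside-to-outside, the VDOM root, port1 as the outside interface, port2 and port3 as inside interfaces, and the policy IDs 10 and 11. The sensor keeps only Windows-targeted signatures (the environment in point 1 has no Linux servers), is created once in the Global VDOM (point 4), is referenced only by the inside-to-outside policy (points 2 and 3), and the closing commands are the manual update, engine restart and version check from the steps above (point 5).

```fortios
# Added example (not from the original post). Names are assumptions:
# sensor g-inside-to-outside, VDOM root, port1 = outside, port2/port3 = inside.

# Point 4: one global IPS sensor; global profile names must start with "g-".
config global
    config ips sensor
        edit "g-inside-to-outside"
            set comment "Shared sensor, referenced from every VDOM"
            config entries
                edit 1
                    # Point 1: no Linux servers in this environment, so only
                    # Windows-targeted signatures are enabled (the default os is "all").
                    set severity medium high critical
                    set os Windows
                    set status enable
                    set action default
                    set log enable
                next
            end
        next
    end
end

config vdom
    edit root
        config firewall policy
            # Point 3: the IPS sensor is applied only on the inside-to-outside policy.
            edit 10
                set name "LAN-to-WAN"
                set srcintf "port2"
                set dstintf "port1"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "ALL"
                set utm-status enable
                set ssl-ssh-profile "certificate-inspection"
                set ips-sensor "g-inside-to-outside"
                set logtraffic utm
                set nat enable
            next
            # Point 2: inside-to-inside traffic is allowed without any IPS sensor,
            # so the IPS engine spends no CPU or memory on it.
            edit 11
                set name "LAN-to-LAN"
                set srcintf "port2"
                set dstintf "port3"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "ALL"
                set logtraffic all
            next
        end
    next
end

# Point 5 and the steps above: pull the engine update manually, restart the
# IPS engines, then confirm the installed version, all from the global CLI.
config global
    execute update-ips
    diagnose test application ipsmonitor 99
    diagnose autoupdate versions | grep "IPS Attack" -A 6
end
```

When reading the version output, check the Contract Expiry Date line as well as the Version line: once the IPS contract lapses, the FortiGate keeps running the installed engine and signatures but receives no further signature or engine updates, so a "No Updates" result after a manual update attempt can mean an expired contract rather than an up-to-date engine.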
