User Guide for Fortinet IPS

FortiGate IPS User Guide Version 3.0 MR7
01-30007-0080-20080916
Custom signatures
Custom signatures provide the power and flexibility to customize the FortiGate 
Intrusion Protection system for diverse network environments. The FortiGate 
predefined signatures represent common attacks. If you use an unusual or 
specialized application or an uncommon platform, you can add custom signatures 
based on the security alerts released by the application and platform vendors.
You can also create custom signatures to help you block P2P protocols.
After you create a custom signature, you need to specify it in the IPS sensors
created to scan traffic.
This section describes:
IPS custom signatures
The FortiGate predefined signatures cover common attacks. If an unusual or 
specialized application or an uncommon platform is being used, add custom 
signatures based on the security alerts released by the application and platform 
vendors. 
Use custom signatures to block or allow specific traffic. For example, to block the 
SMTP “vrfy” command, add custom signatures similar to the following:
F-SBID( --name "Block.SMTP.VRFY.CMD"; --protocol tcp; 
--service SMTP; --pattern "vrfy"; --no_case; 
--context header; )
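
The following added example (not part of the FortiGate guide, and not Fortinet code) parses the signature above into its options and runs a simplified matching model over constructed SMTP lines, to show why --no_case matters and where a bare substring pattern can over-match. Assumptions: the function names and sample lines are hypothetical, and the model treats --pattern as a plain substring test on each line while ignoring --protocol, --service and --context.

```python
import re

# Signature text as printed in the guide.
SIGNATURE = ('F-SBID( --name "Block.SMTP.VRFY.CMD"; --protocol tcp; '
             '--service SMTP; --pattern "vrfy"; --no_case; --context header; )')

# Constructed sample input, not captured traffic.
SAMPLE_LINES = [
    "EHLO mail.example.com",
    "VRFY postmaster",
    "vrfy root",
    "MAIL FROM:<vrfy-test@example.com>",
    "RCPT TO:<user@example.com>",
]

def parse_signature(text):
    """Split an F-SBID( ... ) signature into ordered (option, value) pairs."""
    m = re.fullmatch(r'\s*F-SBID\(\s*(.*?)\s*\)\s*', text, re.S)
    if not m:
        raise ValueError("signature must be wrapped in F-SBID( ... )")
    options = []
    # Each option is "--keyword [value];" and the value may be a quoted string.
    opt_re = r'--(\w+)(?:\s+("(?:[^"\\]|\\.)*"|[^;"]+?))?\s*;'
    for opt in re.finditer(opt_re, m.group(1)):
        value = opt.group(2)
        if value is not None and value.startswith('"'):
            value = value[1:-1]          # strip the surrounding quotes
        options.append((opt.group(1), value))
    if not options:
        raise ValueError("no --options found in signature")
    return options

def would_match(options, line):
    """Simplified model (assumption): substring test, case-folded if --no_case is set."""
    opts = dict(options)
    pattern = opts["pattern"]
    if "no_case" in opts:
        return pattern.lower() in line.lower()
    return pattern in line

def matching_lines(options, lines=SAMPLE_LINES):
    """Return the sample lines the modelled signature would flag."""
    return [line for line in lines if would_match(options, line)]

if __name__ == "__main__":
    parsed = parse_signature(SIGNATURE)
    print("with --no_case:   ", matching_lines(parsed))
    strict = [o for o in parsed if o[0] != "no_case"]
    print("without --no_case:", matching_lines(strict))
```

Without --no_case the modelled signature misses the upper-case VRFY command, and with it the substring also hits an address that merely contains "vrfy", so test a candidate signature against benign traffic before setting it to block.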
Viewing the custom signature list
To view the custom signature list, go to Intrusion Protection > Signature > Custom.
Figure 4: The custom signature list
Note: If virtual domains are enabled on the FortiGate unit, IPS is configured separately in 
each VDOM. Sensors, filters, and custom signatures will only appear in the VDOM in which 
they were created.