Справочник Пользователя для Fortinet IPS

The signatures included in the filter are only those matching every attribute 
specified. When created, a new filter has every attribute set to “all” which causes 
every signature to be included in the filter. If the severity is changed to high, and 
the target is changed to server, the filter includes only signatures checking for high 
priority attacks targeted at servers.

Pre-defined and custom overrides are configured and work mainly in the same 
way as filters. Unlike filters, each override defines the behavior of one signature.

Overrides can be used in two ways:

• To change the behavior of a signature already included in a filter. For example, 

to protect a web server, you could create a filter that includes and enables all 
signatures related to servers. If you wanted to disable one of those signatures, 
the simplest way would be to create an override and mark the signature as 
disabled.

• To add an individual signature, not included in any filters, to an IPS sensor. 

This is the only way to add custom signatures to IPS sensors.

When a pre-defined signature is specified in an override, the default status and 
action attributes have no effect. These settings must be explicitly set when 
creating the override.

Enter or change the name of the IPS filter.

Select All, or select Specify and then one or more severity ratings. 

Severity defines the relative importance of each signature. Signatures 

rated critical detect the most dangerous attacks while those rated as 

info pose a much smaller threat.

Select All, or select Specify and then the type of systems targeted by the 

attack. The choices are server or client.

Select All, or Select Specify and then select one or more operating 

systems that are vulnerable to the attack.
Signatures with an OS attribute of All affect all operating systems. 

These signatures will be automatically included in any filter regardless 

of whether a single, multiple, or all operating systems are specified.

Select All, or select Specify to list what network protocols are used by 

the attack. Use the Right Arrow to move the ones you want to include in 

the filter from the Available to the Selected list, or the Left Arrow to 

remove previously selected protocols from the filter.

Select All, or select Specify to list the applications or application suites 

vulnerable to the attack. Use the Right Arrow to move the ones you 

want to include in the filter from the Available to the Selected list, or the 

Left Arrow to remove previously selected protocols from the filter.

Select from the options to specify what the FortiGate unit will do with the 

signatures included in the filter: enable all, disable all, or enable or 

disable each according to the individual default values shown in the 

signature list.

Select from the options to specify whether the FortiGate unit will create 

log entries for the signatures included in the filter: enable all, disable all, 

or enable or disable logging for each according to the individual default 

values shown in the signature list.

Select from the options to specify what the FortiGate unit will do with 

traffic containing a signature match: pass all, block all, reset all, or block 

or pass traffic according to the individual default values shown in the 

signature list.