Справочник Пользователя для Fortinet IPS

An IPS sensor must be created before it can be configured by adding filters and 
overrides. To create an IPS sensor, go to Intrusion Protection > IPS Sensor and 
select Create New.

Each IPS sensor consists of two parts: filters and overrides. Overrides are always 
checked before filters.

Each filter consists of a number of signatures attributes. All of the signatures with 
those attributes, and only those attributes, are checked against traffic when the 
filter is run. If multiple filters are defined in an IPS Sensor, they are checked 
against the traffic one at a time, from top to bottom. If a match is found, the 
FortiGate unit takes the appropriate action and stops further checking.

A signature override can modify the behavior of a signature specified in a filter. A 
signature override can also add a signature not specified in the sensor’s filters. 
Custom signatures are included in an IPS sensor using overrides.

The signatures in the overrides are first compared to network traffic. If the IPS 
sensor does not find any matches, it then compares the signatures in each filter to 
network traffic, one filter at a time, from top to bottom. If no signature matches are 
found, the IPS sensor allows the network traffic.

Includes only the signatures designed to detect attacks 

against clients; uses the default enable status and action of 

each signature.

Includes only the signatures designed to detect attacks 

against servers and the SMTP, POP3, or IMAP protocols; 

uses the default enable status and action of each signature.

Includes only the signatures designed to detect attacks 

against servers and the HTTP protocol; uses the default 

enable status and action of each signature.

Enter the name of the new IPS sensor.

Enter an optional comment to display in the IPS sensor list.