Fortinet manual Custom signatures, IPS custom signatures, Viewing the custom signature list

Custom signatures

Custom signatures provide the power and flexibility to customize the FortiGate Intrusion Protection system for diverse network environments. The FortiGate predefined signatures represent common attacks. If you use an unusual or specialized application or an uncommon platform, you can add custom signatures based on the security alerts released by the application and platform vendors.

You can also create custom signatures to help you block P2P protocols.

After creation, you need to specify custom signatures in IPS sensors created to scan traffic.

This section describes:

•IPS custom signatures

•Viewing the custom signature list

•Custom signature configuration

•Creating custom signatures

IPS custom signatures

The FortiGate predefined signatures cover common attacks. If an unusual or specialized application or an uncommon platform is being used, add custom signatures based on the security alerts released by the application and platform vendors.

Use custom signatures to block or allow specific traffic. For example, to block the SMTP “vrfy” command, add custom signatures similar to the following:

F-SBID( --name "Block.SMTP.VRFY.CMD"; --protocol tcp; --service SMTP; --pattern "vrfy"; --no_case; --context header; )

Note: If virtual domains are enabled on the FortiGate unit, IPS is configured separately in each VDOM. Sensors, filters, and custom signatures will only appear in the VDOM in which they were created.

Viewing the custom signature list

To view the custom signature list, go to Intrusion Protection > Signature >

Custom.

Figure 4: The custom signature list