Fortinet Tutorial - IPS Configuration ~ PT. Network Data Sistem

IPS Configuration – Fortigate is a firewall, where in one firewall one of the most widely used features is IPS (intrusion prevention system).

This time, we will try to practice a little about IPS on the Fortigate firewall, such as how to set it up and test it.

Table of Contents

Fortinet IPS Configuration

Here is an example of the topology in the EVE-NG application, you can open it in an easy way, namely on the website https://www.eve-ng.net

This EVE-NG is used to virtualize the Fortigate VM to simulate.

The explanation is as follows:

There is 1 PC (Win)
Fortigate Box
Then connect to the internet
In the Fortigate box, the settings are in accordance with the basics, so you can already connect to the internet.
Login to Fortigate VM
For IPS configuration, go to Security Profile menu > Intrusion Prevention

Actually there is already a profile that is already available, so you can already use the profile, or maybe you can create your own profile by clicking “Create New”
Fill in the Name, according to what you want, no problem.
Add a signature by clicking “Add Signature”

You can choose according to your wishes or needs
There are already a lot of IPS rules applied, you just have to apply to one of your policies that traffic passes.
Go to the “Policy & Objects” menu, then click IPv4 Policy, then just click as shown below gambar

You just have to Enable which IPS is passed by the traffic, if the settings have been done, click OK to save it
Now try running Nmap. The nmap performs http enumeration on example.com for testing
If the connection is successfully caught, then the connection is already in the “Log & Report” menu > Intrusion Prevention

If the network is already blocked like that, one of the benefits of IPS is that there are several basic signatures so we don’t need to defend one by one. So, maybe some viruses that are still zero day can still be caught. At least it can help to minimize the occurrence of a security bridge on your network.

Fortigate 60F For Easy and Professional IPS

Performance is at the core of all business development and digital innovation. Faster data access, support for performance-hungry business applications, and the ability to process large amounts of data all require high-performance solutions capable of delivering critical solutions at the speed of digital businesses.

And all major advances in performance begin with the development of new hardware designed specifically to support and accelerate applications, workflows, and transactions.

Fortigate 60 F is a top-of-the-line NGFW with the latest SD-WAN accelerated by a custom built security processor.

Fortigate 60 F . Specifications

FortiGate 60F powered by Fortinet’s latest SOC4 security processor enables Security Compute Ratings:

The Fortigate 60 F is an Entry Level firewall, providing a fast and secure SD-WAN solution in a compact, fanless desktop form factor for enterprise branch offices and midsize businesses.

Protect against internet threats with system-on-a-chip acceleration and industry-leading secure SDWAN in a simple, affordable and easy-to-implement solution. Fortinet’s Security-Driven Networking provides tight network integration into a new generation of security.

This small and compact piece of hardware can be multifunctional depending on how you implement it.

Bundling License

FortiGuard Labs provides a number of security intelligence services to add to the FortiGate firewall platform. You can easily optimize the protection capabilities of your FortiGate with one of these FortiGuard Bundles.

That’s a brief explanation of how to configure the basic IPS in Fortigate. Maybe for those of you who have this Fortigate for the first time, you can configure it with IPS in your office, or even use it for personal needs, namely at home.

In order to minimize the occurrence of intrusion or security bridges on your network, it can be implemented once.