1. Exploit
Known, confirmed attack, detected by signature
IPS signature
WAF signature
Antivirus signature
example: exploit against a known application vulnerability
2. Anomaly
Zero-day or DoS attack
Detected by behavioral analysis
Rate-based IPS signature
DoS policies
Protocol constraints inspection
example: high rate traffic (DoS/Flood)
3. IPS components
IPS signature databases
Protocol decoders
IPS Engine - app control, antivirus, web filter, email filter, DLP
4. IPS license.
6. IPS profile
Add individual signature or use filter
7. IPS signature -- Hold time
config ips global
set signature-hold-time 0h
end
8. Add signature with CVE number via CLI
9. DoS
Policy & Object > IPv4 DoS Policy
TCP SYN flood -- incomplete connection requests
ICMP sweep
TCP port scan
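As an added illustration (not part of these notes or any Fortinet code), a small Python detector applying the rate-based checks a DoS policy uses for the three anomaly types above; the flow records and thresholds are constructed, not FortiGate defaults.

```python
# Added example, not from the original notes: a minimal rate-based anomaly
# detector of the kind a DoS policy applies (section 9). Flow records and
# thresholds below are constructed for illustration, not FortiGate defaults.
from collections import defaultdict

# Constructed flows: (src_ip, dst_ip, proto, dst_port, tcp_flags)
# "S" = SYN with no completing ACK (incomplete request), "SA" = handshake done
SAMPLE_FLOWS = (
    [("10.0.0.5", "192.0.2.10", "tcp", 443, "S")] * 120                   # SYN flood
    + [("10.0.0.6", f"192.0.2.{i}", "icmp", 0, "") for i in range(1, 40)]   # ICMP sweep
    + [("10.0.0.7", "192.0.2.10", "tcp", p, "S") for p in range(1, 60)]     # port scan
    + [("10.0.0.8", "192.0.2.10", "tcp", 443, "SA")] * 5                    # benign
)

# Per-source thresholds per observation window (illustrative values)
THRESHOLDS = {"tcp_syn_flood": 100, "icmp_sweep": 20, "tcp_port_scan": 50}


def detect_dos(flows, thresholds=THRESHOLDS):
    """Return {src_ip: set of anomaly names} for sources over a threshold.

    No signature is involved: each check is a count of behaviour per source,
    which is what lets it fire on traffic no signature database describes.
    """
    half_open = defaultdict(int)     # incomplete TCP connection requests
    icmp_targets = defaultdict(set)  # distinct hosts pinged
    tcp_targets = defaultdict(set)   # distinct (host, port) pairs probed
    for src, dst, proto, dport, flags in flows:
        if proto == "tcp" and flags == "S":
            half_open[src] += 1
            tcp_targets[src].add((dst, dport))
        elif proto == "icmp":
            icmp_targets[src].add(dst)

    hits = defaultdict(set)
    for src, n in half_open.items():
        if n >= thresholds["tcp_syn_flood"]:
            hits[src].add("tcp_syn_flood")
    for src, targets in icmp_targets.items():
        if len(targets) >= thresholds["icmp_sweep"]:
            hits[src].add("icmp_sweep")
    for src, targets in tcp_targets.items():
        if len(targets) >= thresholds["tcp_port_scan"]:
            hits[src].add("tcp_port_scan")
    return dict(hits)


if __name__ == "__main__":
    for src, names in sorted(detect_dos(SAMPLE_FLOWS).items()):
        print(src, sorted(names))
```

The completed handshakes from 10.0.0.8 never count toward the SYN-flood total, which is the "incomplete connection requests" distinction the note above makes.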
10. Web Application Firewall (WAF)
Turn on in Feature Visibility
Only available in proxy-based inspection policies
11. Troubleshooting
12. Fail open
config ips global
set fail-open <enable | disable>
end