IPS Sensor for Fortigate with IPv6

Fortinet has quite an advanced IPv6 implementation. Unfortunately, it is not possible to assign an IPS sensor to a policy in the current releases. The good thing is, you can do it anyway, but you have to create an interface policy on the command line.

This is how it works:

config firewall interface-policy6
    edit 1
        set interface "port5"
        set srcaddr6 "all"
        set dstaddr6 "all"
        set service6 "HTTP"
        set ips-sensor-status enable
        set ips-sensor "WEB-ips"
    next
end

This way you create a sensor per interface and not per policy. Much better than nothing, right?
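Because the sensor hangs off the interface rather than the policy, it is easy to lose track of which interfaces are actually covered. The following is an added example, not part of the original post: a small Python check that reads a configuration backup as text and reports, per interface, which IPS sensors are enabled through interface-policy6. The sample configuration, the interface names other than port5, and the function names are constructed for illustration.

```python
# Constructed sample of a FortiOS configuration backup (not from the original post).
SAMPLE_CONFIG = """\
config firewall interface-policy6
    edit 1
        set interface "port5"
        set srcaddr6 "all"
        set dstaddr6 "all"
        set service6 "HTTP"
        set ips-sensor-status enable
        set ips-sensor "WEB-ips"
    next
    edit 2
        set interface "port6"
        set ips-sensor-status disable
        set ips-sensor "WEB-ips"
    next
end
"""

def parse_interface_policy6(text):
    """Return one dict of settings per 'edit' entry in the interface-policy6 table."""
    entries, current, in_table = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall interface-policy6":
            in_table = True
        elif not in_table:
            continue
        elif line == "end":
            in_table = False
        elif line.startswith("edit "):
            current = {"id": line.split(None, 1)[1]}
        elif line == "next" and current is not None:
            entries.append(current)
            current = None
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)
            if len(parts) == 3:  # ignore malformed 'set' lines without a value
                current[parts[1]] = parts[2].strip('"')
    return entries

def ips_coverage(text, interfaces):
    """Map each interface name to the set of IPS sensors enabled on it."""
    coverage = {name: set() for name in interfaces}
    for entry in parse_interface_policy6(text):
        # A sensor only counts when the status is 'enable' and a sensor is named.
        if entry.get("ips-sensor-status") == "enable" and "ips-sensor" in entry:
            coverage.setdefault(entry.get("interface"), set()).add(entry["ips-sensor"])
    return coverage
```

Interfaces that map to an empty set have no IPv6 IPS sensor applied; pass in the list of interfaces you expect to be inspected.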
