Services

Creating the IPS Security Profile

This is by no means the only way to set up this IPS filter, but it is the way that the fictional System Administrator wants it set up. Yours may be different.

1. Go to Security Profiles > Intrusion Protection > IPS Sensors.

2. Create a new sensor.

 

Name                                        A-V_Conference-incoming

3. Select OK.

4. In the newly created sensor, create a new IPS filter.

Sensor Type       Filter Based
Filter Options    Advanced
Severity          Critical, High, Medium, Low
Target            Server
OS                Windows
Application       IIS, other
Protocol          HTTP, LDAP, SIP, SSL, H323 (use the [Show more…] option)
Packet logging    enabled

Based on these filters there should be somewhere in the neighborhood of 750 signatures that the FortiGate will run traffic against in the IPS engine.

 

Policies

Incoming Policy

A policy has to be made to allow the traffic to come in from the Internet to connect to the Tele-conferencing server equipment.

1. Go to Policy & Objects > Policy > IPv4.

2. Select Create New.

3. Fill out the fields with the following information:

 

Policy Type            Firewall
Policy Subtype         Address
Incoming Interface     wan1
Source Address         all
Outgoing Interface     port7
Destination Address    Vid-Conf_Room216
Schedule               always
Service                A-V_Conference
Action                 ACCEPT
Enable NAT             <not enabled>
Logging Options        Logging is a good idea but how much will depend on storage capabilities.
Security Profiles      Turn on IPS and choose “A-V_Conference-incoming”
Traffic Shaping, Web cache, WAN Optimization, Disclaimer
                       The use of these features will depend on your network environment and should be decided by the network architect, as the decision will largely be based on network bandwidth, usage and importance of Video conferencing compared to other traffic.

4. Select OK.

 

The policy will then need to be put in the correct position in the sequence of the policies. Because it is a rather focused policy it should be acceptable to place it near the top of the policy order sequence.
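An added example, not part of the original page or any Fortinet tooling: a small Python check that reads a text export of the firewall policies and flags any ACCEPT policy for the A-V_Conference service that does not carry the A-V_Conference-incoming sensor or that has NAT turned on. The sample export is constructed, and the CLI setting names (`utm-status`, `ips-sensor`, `nat`) are assumed to match your FortiOS version.

```python
import re

# Constructed sample in FortiOS "show firewall policy" style (not from the page).
# Policy 3 follows the walkthrough; policy 9 omits the sensor and enables NAT.
SAMPLE = '''
config firewall policy
    edit 3
        set srcintf "wan1"
        set action accept
        set service "A-V_Conference"
        set utm-status enable
        set ips-sensor "A-V_Conference-incoming"
    next
    edit 9
        set srcintf "wan1"
        set action accept
        set service "A-V_Conference"
        set nat enable
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} from the 'edit N ... next' blocks."""
    policies, current = {}, None
    for line in text.splitlines():
        tok = re.findall(r'"[^"]*"|\S+', line)  # keep quoted names as one token
        if tok[:1] == ["edit"] and len(tok) > 1:
            current = policies.setdefault(tok[1], {})
        elif tok[:1] == ["next"]:
            current = None
        elif tok[:1] == ["set"] and current is not None and len(tok) > 2:
            current[tok[1]] = [t.strip('"') for t in tok[2:]]
    return policies

def audit(text, service="A-V_Conference", sensor="A-V_Conference-incoming"):
    """Return {policy_id: [issues]} for ACCEPT policies carrying the service."""
    findings = {}
    for pid, p in parse_policies(text).items():
        if service not in p.get("service", []) or p.get("action") != ["accept"]:
            continue
        issues = []
        if p.get("utm-status") != ["enable"] or p.get("ips-sensor") != [sensor]:
            issues.append("IPS sensor not applied")
        if p.get("nat") == ["enable"]:
            issues.append("NAT enabled")
        if issues:
            findings[pid] = issues
    return findings
```

Calling `audit()` on a saved policy export returns an empty dict when every matching policy agrees with the settings in the table above.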
