Creating the IPS Security Profile
This is by no means the only way to set up this IPS filter, but it is the way that the fictional System Administrator wants it set up. Yours may be different.
1. Go to Security Profiles > Intrusion Protection > IPS Sensors.
2. Create a new sensor.
Name | A-V_Conference-incoming
3. Select OK.
4. In the newly created sensor, create a new IPS filter.
Sensor Type | Filter Based
Filter Options | Advanced
Severity | Critical, High, Medium, Low
Target | Server
OS | Windows
Application | IIS, other
Protocol | HTTP, LDAP, SIP, SSL, H323 (use the [Show more…] option to reveal these)
Packet logging | enabled
Based on these filters there should be somewhere in the neighborhood of 750 signatures that the FortiGate will run traffic against in the IPS engine (the exact count depends on the version of the IPS signature database installed on the unit).
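The same sensor and filter, expressed as FortiOS CLI commands rather than the GUI steps above. This is an added example, not part of the original cookbook page; the keyword spellings (for example the application and protocol names) are assumptions for a 5.x-era FortiOS and vary between releases, so confirm them with `?` at each prompt before committing. Lines beginning with # are explanatory comments.

```fortios
# Added example: CLI equivalent of the GUI steps above (not from the original page).
# Keyword values are assumptions; verify with "?" on your own unit.
config ips sensor
    edit "A-V_Conference-incoming"
        config entries
            edit 1
                # Filter-based entry matching the same attributes as the GUI filter
                set severity low medium high critical
                set location server
                set os Windows
                set application IIS Other
                set protocol HTTP LDAP SIP SSL H323
                # Keep each signature's default enable/disable state and default action
                set status default
                set action default
                # Log matches and capture the triggering packets (Packet logging: enabled)
                set log enable
                set log-packet enable
            next
        end
    next
end

# Check what was committed before attaching the sensor to a policy
show ips sensor "A-V_Conference-incoming"
```

`set action default` keeps the per-signature action from the signature database (block or pass as Fortinet ships it), which is what the GUI filter does unless you override it; switching the entry to `set action block` turns every matched signature into a blocking one, so decide that deliberately and watch the IPS logs for false positives on the conferencing traffic first.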
Policies
Incoming Policy
A policy has to be made to allow the traffic to come in from the Internet to connect to the Tele-conferencing server equipment.
1. Go to Policy & Objects > Policy > IPv4.
2. Select Create New.
3. Fill out the fields with the following information:
Policy Type | Firewall
Policy Subtype | Address
Incoming Interface | wan1
Source Address | all
Outgoing Interface | port7
Destination Address | Vid-Conf_Room216
Schedule | always
Service | A-V_Conference
Action | ACCEPT
Enable NAT | <not enabled>
Logging Options | Logging is a good idea, but how much to log depends on your storage capabilities.
Security Profiles | Turn on IPS and choose “A-V_Conference-incoming”
Traffic Shaping, Web cache, WAN Optimization, Disclaimer | The use of these features depends on your network environment and should be decided by the network architect, since the decision will largely be based on network bandwidth, usage, and the importance of video conferencing compared to other traffic.
4. Select OK.
The policy will then need to be put in the correct position in the sequence of policies. The FortiGate evaluates policies from the top down and applies the first one that matches, so a broader policy placed above this one could capture the conferencing traffic first. Because this is a rather focused policy (a single destination address and a single service), it should be acceptable to place it near the top of the policy order.
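The incoming policy and its placement, as FortiOS CLI commands. This is an added example, not part of the original cookbook page; it assumes the address object `Vid-Conf_Room216`, the service object `A-V_Conference` and the IPS sensor from the steps above already exist, and the policy ID used in the `move` command is a placeholder that you replace with the ID the unit assigns. Lines beginning with # are explanatory comments.

```fortios
# Added example: CLI equivalent of the Incoming Policy table above (not from the original page).
config firewall policy
    # "edit 0" creates a new policy and lets the FortiGate assign the next free ID
    edit 0
        set srcintf "wan1"
        set dstintf "port7"
        set srcaddr "all"
        set dstaddr "Vid-Conf_Room216"
        set action accept
        set schedule "always"
        set service "A-V_Conference"
        # Security Profiles: IPS only, using the sensor created earlier
        set utm-status enable
        set ips-sensor "A-V_Conference-incoming"
        # Logging Options: "utm" logs only security events; "all" also logs every
        # allowed session, which is the storage trade-off the table mentions
        set logtraffic utm
        # Enable NAT: <not enabled>
        set nat disable
    next
end

# Find the ID the unit assigned to the new policy, then move it near the top.
# <NEW_ID> and <FIRST_ID> are placeholders, not values from the page.
show firewall policy
config firewall policy
    move <NEW_ID> before <FIRST_ID>
end
```

Re-run `show firewall policy` after the move: policies are listed in evaluation order, so the new entry should now appear ahead of any broader inbound policy on `wan1` that could otherwise match the conferencing traffic first.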