Chapter 1 What’s New for FortiOS 5.0 : Security Features : Custom Application Control signatures and IPS signatures
  
Custom Application Control signatures and IPS signatures
The application control and IPS signatures provide coverage for most applications and network vulnerabilities. You can extend the coverage by adding custom application signatures and custom IPS signatures.
You add custom application signatures by going to Security Policies > Application Control > Application List and selecting Create New.
You add custom IPS signatures by going to Security Policies > Intrusion Protection > IPS Signatures and selecting Create New.
Custom application signatures and custom IPS signatures use the same syntax. See the UTM Guide for a description the signature syntax.
Figure 31: Example custom application signature
Use the following command to add a custom application control signature.
config application custom
edit New-custom-sig
set signature F-SBID( --attack_id 8640; --name "Block.WMP.Get"; --default_action drop_session; --protocol tcp; --service HTTP; --flow from_client; --pattern "Pragma: xPlayStrm=1"; )
end
Use the following command to add a custom IPS signature.
config ips custom
edit New-custom-sig
set signature F-SBID( --attack_id 8640; --name "Block.WMP.Get"; --default_action drop_session; --protocol tcp; --service HTTP; --flow from_client; --pattern "Pragma: xPlayStrm=1"; )
end