Enable IPS scanning
Enabling IPS scanning involves two separate parts of the FortiGate unit:
• The security policy allows certain network traffic based on the sender, receiver, interface, traffic type, and time of day. Firewall policies can also be used to deny traffic, but those policies do not apply to IPS scanning.
• The IPS sensor contains filters, signature entries, or both. These specify which signatures are included in the IPS sensor.
When IPS is enabled, an IPS sensor is selected in a security policy, and all network traffic matching the policy will be checked for the signatures in the IPS sensor.