• Enable IPS scanning at the network edge for all services.

• Use FortiClient endpoint IPS scanning for protection against threats that get into your network.

• Subscribe to FortiGuard IPS Updates and configure your FortiGate unit to receive push updates. This will ensure you receive new IPS signatures as soon as they are available.

• Your FortiGate unit includes IPS signatures written to protect specific software titles from DoS attacks. Enable the signatures for the software you have installed and set the signature action to Block.

• You can view these signatures by going to Security Profiles > Intrusion Protection > Predefined and sorting by, or applying a filter to, the Group column.

• Because it is critical to guard against attacks on services that you make available to the public, configure IPS signatures to block matching signatures. For example, if you have a web server, configure the action of web server signatures to Block.