From 2fbcd8d210675676226b99b1a1349f7831af99fe Mon Sep 17 00:00:00 2001
From: John Poland <jdpoland@gmail.com>
Date: Wed, 15 Oct 2025 20:27:19 -0400
Subject: [PATCH] fortigate/vdom_scsd/ips.cfg Wed Oct 15 08:27:19 PM EDT 2025

---
 configs/fortigate/vdom_scsd/ips.cfg | 46 +++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 configs/fortigate/vdom_scsd/ips.cfg

diff --git a/configs/fortigate/vdom_scsd/ips.cfg b/configs/fortigate/vdom_scsd/ips.cfg
new file mode 100644
index 0000000..25f90fe
--- /dev/null
+++ b/configs/fortigate/vdom_scsd/ips.cfg
@@ -0,0 +1,46 @@
+config ips sensor
+    edit "g-default"
+        set comment "Prevent critical attacks."
+        config entries
+            edit 1
+                set severity medium high critical 
+            next
+        end
+    next
+    edit "g-sniffer-profile"
+        set comment "Monitor IPS attacks."
+        config entries
+            edit 1
+                set severity medium high critical 
+            next
+        end
+    next
+    edit "g-wifi-default"
+        set comment "Default configuration for offloading WiFi traffic."
+        config entries
+            edit 1
+                set severity medium high critical 
+            next
+        end
+    next
+    edit "Incoming_IPS"
+        set block-malicious-url enable
+        config entries
+            edit 1
+                set location server 
+                set severity medium high critical 
+                set action block
+            next
+        end
+    next
+    edit "Outgoing_IPS"
+        set block-malicious-url enable
+        set scan-botnet-connections block
+        config entries
+            edit 1
+                set location client 
+                set severity medium high critical 
+            next
+        end
+    next
+end