diff --git a/configs/fortigate/vdom_TEST/ips.cfg b/configs/fortigate/vdom_TEST/ips.cfg
new file mode 100644
index 0000000..cb43115
--- /dev/null
+++ b/configs/fortigate/vdom_TEST/ips.cfg
@@ -0,0 +1,39 @@
+config ips sensor
+ edit "g-default"
+ set comment "Prevent critical attacks."
+ config entries
+ edit 1
+ set severity medium high critical
+ next
+ end
+ next
+ edit "g-sniffer-profile"
+ set comment "Monitor IPS attacks."
+ config entries
+ edit 1
+ set severity medium high critical
+ next
+ end
+ next
+ edit "g-wifi-default"
+ set comment "Default configuration for offloading WiFi traffic."
+ config entries
+ edit 1
+ set severity medium high critical
+ next
+ end
+ next
+ edit "IPS_Test"
+ set block-malicious-url enable
+ set scan-botnet-connections block
+ config entries
+ edit 1
+ set severity medium high critical
+ set action block
+ next
+ end
+ next
+ edit "gdd-botnet C&C IP blocking"
+ set comment "This allows you to enable botnet blocking across all traffic that matches the policy by configuring one setting in the GUI"
+ next
+end
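Review bot: The last sensor, `gdd-botnet C&C IP blocking`, carries only a comment: it has no `config entries` block and no `set scan-botnet-connections` line, so a policy that references it would presumably get neither signature matching nor botnet blocking (exports usually omit default values, so confirm the effective setting on the device). If the sensor is meant to do what its name says, add `set scan-botnet-connections block` under that `edit`, as `IPS_Test` already does. Separately, the three `g-*` sensors select medium/high/critical signatures but set no action, so they follow each signature's default action rather than blocking. The comment "Prevent critical attacks." on `g-default` overstates this unless `set action block` is added to its entry, as in `IPS_Test`.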