From 84c1ef1171f27a4c791c28e4b38b7a6bc8d28876 Mon Sep 17 00:00:00 2001
From: John Poland <jdpoland@gmail.com>
Date: Wed, 15 Oct 2025 20:27:19 -0400
Subject: [PATCH] fortigate/vdom_TEST/ips.cfg Wed Oct 15 08:27:19 PM EDT 2025

---
 configs/fortigate/vdom_TEST/ips.cfg | 39 +++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 configs/fortigate/vdom_TEST/ips.cfg

diff --git a/configs/fortigate/vdom_TEST/ips.cfg b/configs/fortigate/vdom_TEST/ips.cfg
new file mode 100644
index 0000000..cb43115
--- /dev/null
+++ b/configs/fortigate/vdom_TEST/ips.cfg
@@ -0,0 +1,39 @@
+config ips sensor
+    edit "g-default"
+        set comment "Prevent critical attacks."
+        config entries
+            edit 1
+                set severity medium high critical 
+            next
+        end
+    next
+    edit "g-sniffer-profile"
+        set comment "Monitor IPS attacks."
+        config entries
+            edit 1
+                set severity medium high critical 
+            next
+        end
+    next
+    edit "g-wifi-default"
+        set comment "Default configuration for offloading WiFi traffic."
+        config entries
+            edit 1
+                set severity medium high critical 
+            next
+        end
+    next
+    edit "IPS_Test"
+        set block-malicious-url enable
+        set scan-botnet-connections block
+        config entries
+            edit 1
+                set severity medium high critical 
+                set action block
+            next
+        end
+    next
+    edit "gdd-botnet C&C IP blocking"
+        set comment "This allows you to enable botnet blocking across all traffic that matches the policy by configuring one setting in the GUI"
+    next
+end