From ec4aea187bf8c51a2f0efaebd1aa251085cae366 Mon Sep 17 00:00:00 2001
From: John Poland
Date: Sat, 11 Oct 2025 17:07:42 -0400
Subject: [PATCH] fortigate/vdom_root/ips.cfg Sat Oct 11 05:07:41 PM EDT 2025
---
configs/fortigate/vdom_root/ips.cfg | 81 +++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100644 configs/fortigate/vdom_root/ips.cfg
diff --git a/configs/fortigate/vdom_root/ips.cfg b/configs/fortigate/vdom_root/ips.cfg
new file mode 100644
index 0000000..250607a
--- /dev/null
+++ b/configs/fortigate/vdom_root/ips.cfg
@@ -0,0 +1,81 @@
+config ips sensor
+ edit "g-default"
+ set comment "Prevent critical attacks."
+ config entries
+ edit 1
+ set severity medium high critical
+ next
+ end
+ next
+ edit "g-sniffer-profile"
+ set comment "Monitor IPS attacks."
+ config entries
+ edit 1
+ set severity medium high critical
+ next
+ end
+ next
+ edit "g-wifi-default"
+ set comment "Default configuration for offloading WiFi traffic."
+ config entries
+ edit 1
+ set severity medium high critical
+ next
+ end
+ next
+ edit "all_default"
+ set comment "All predefined signatures with default setting."
+ config entries
+ edit 1
+ next
+ end
+ next
+ edit "all_default_pass"
+ set comment "All predefined signatures with PASS action."
+ config entries
+ edit 1
+ set action pass
+ next
+ end
+ next
+ edit "high_security"
+ set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
+ set block-malicious-url enable
+ config entries
+ edit 1
+ set severity medium high critical
+ set status enable
+ set action block
+ next
+ edit 2
+ set severity low
+ next
+ end
+ next
+ edit "protect_client"
+ set comment "Protect against client-side vulnerabilities."
+ config entries
+ edit 1
+ set location client
+ next
+ end
+ next
+ edit "protect_email_server"
+ set comment "Protect against email server-side vulnerabilities."
+ config entries
+ edit 1
+ set location server
+ set protocol SMTP POP3 IMAP
+ next
+ end
+ next
+ edit "protect_http_server"
+ set comment "Protect against HTTP server-side vulnerabilities."
+ config entries
+ edit 1
+ set location server
+ set protocol HTTP
+ next
+ end
+ next
+end
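Review bot: Only `high_security` entry 1 pins enforcement with `set status enable` and `set action block`; every other sensor in this file, including `g-default` with its "Prevent critical attacks." comment and the three `protect_*` profiles, sets no action. As far as I know FortiOS then applies each signature's own default action, so matches on signatures that default to pass are not dropped. `all_default_pass` sets `set action pass` for every signature and never blocks, so it is worth confirming that no enforcing firewall policy references it. If a sensor that relies on defaults protects exposed servers, consider adding `set status enable` and `set action block` to its entry 1, or at least rewording its comment to something like `set comment "Uses signature default actions; not every match is blocked."`. Which policies use each sensor is not visible in this hunk, and the export appears to omit default values, so logging and packet-capture settings cannot be judged from here.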