Intrusion prevention systems provide protection against known and future threats at the network level. In addition to signature-based detection, anomaly-based detection is performed. The system generates an alert when data matches a specific profile of attack behaviour. This behaviour is then analysed to detect the evolution of threats and develop new signatures, which in turn become part of the FortiGuard services.

  • Implementation of IPS: The high-performance IPS module integrated in FortiGate appliances can run either as a standalone device or as part of a multi-function firewall (UTM), and can be deployed both at the network perimeter (the transition between internal and external network) and inside the internal network. In this way, protocol- or application-based attacks from outside can be detected and prevented, as can the spread of malware within the internal network (for example, malware that entered the company via mobile end devices or data carriers).
  • IPS for the head office and branch offices: Fortinet's flexible architecture and scalable product range cover deployments in the central network area, protecting against external and internal attacks, as well as securing branch offices of any size. This is achieved through identical IPS functionality on all FortiGate appliances. In combination with FortiManager and FortiAnalyzer, even the largest and most complex VPN infrastructures can be implemented flexibly, simply and cost-effectively, with multi-client capability.
  • One-Armed IDS (Sniffer): As a supplement, sniffer policies can be created that make a FortiGate function as a "one-armed" intrusion detection system, i.e. it does not intervene in the data stream but only reads it. The data traffic is examined for matches with the configured IPS sensors and application lists. If a match is found, it is logged and the incoming data is rejected. In this way, the data traffic can be examined without processing the individual data packets.