WAF signatures

AEK · ‎04-28-2024

Hello FortiGate admins

On FortiWeb appliance I can see all protected attack signatures with description and full details, but I can't find such list on FortiGate's WAF and anywhere on docs.fortinet.com.

Anyone knows if it is documented somewhere?

AEK

saneeshpv_FTNT · ‎04-28-2024

Hi @AEK ,

You can see signature details of the WAF in Fortigate with event ID.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-View-WAF-signature-details-with-WAF-s-even...

Apart from that I am worried you would be able to see any additional details in Fortigate related to WAF signatures.

Best Regards,

Saneesh

AEK · ‎04-28-2024

Thanks @saneeshpv_FTNT

But I mean the full list like we can see on FortiWeb.

It seems not documented neither, so we can't really know which Web attacks can FortiGate's WAF protect us from.

AEK

saneeshpv_FTNT · ‎04-29-2024

Hi @AEK ,

I believe this is because FortiWeb is a purpose build Web Application Firewall for protecting the Web (HTTP/S) traffic from the OWASP top 10 Web attacks and it defenitely has more detailed information about the attack signatures. But when it comes to fortigate, this feature is limited and it has only basic set of signatures available for OWASP top 10 and hence I don't think there is specific documentation available for this in Fortigate. On a side note, I would recommend if the Customer is actually looking to publish their webapplication with WAF protection, they should defenitely look for a FortiWeb and not rely on Fortigate WAF.

Best Regards,

Saneesh

AEK · ‎04-30-2024

Thanks Saneesh

However I believe Fortinet shouldn't leave it undocumented.

AEK

saneeshpv_FTNT · ‎04-30-2024

@AEK ,

Totally agree with you !