What happens when adding the FTP.Login.Failed signature to the IPS sensor profile?

When the FTP.Login.Failed signature is added to the IPS sensor profile, traffic that matches this signature will be silently dropped and logged. This means that when an unauthorized or failed login attempt to an FTP service is detected, the FortiGate device will prevent this malicious or incorrect traffic from reaching its intended destination, thereby protecting the network from various types of attacks such as brute-force password attempts.

Silently dropping the traffic is a proactive security measure, as it helps to mitigate potential exploitation of vulnerabilities associated with the FTP service. Logging this action allows administrators to maintain a record of such events, providing visibility into potential security threats while ensuring that the FTP service remains secure.

This approach of dropping and logging is vital in situations where failed login attempts could indicate an ongoing attack, helping security teams to take appropriate action based on the logged data while minimizing the impact on the network.