Network performance | IPS overview and general configuration |
To create an IPS sensor, go to Intrusion Protection > IPS Sensor. See “IPS sensors” on page 39 for details. To access the protection profile IPS sensor selection, go to Firewall > Protection Profile, select Edit or Create New, and select IPS.
To create a DoS Sensor, go to Intrusion Protection > DoS Sensor. See “DoS sensors” on page 45 for details.
When to use IPS
IPS is best for large networks or for networks protecting highly sensitive information. Using IPS effectively requires monitoring and analysis of the attack logs to determine the nature and threat level of an attack. An administrator can adjust the threshold levels to ensure a balance between performance and intrusion prevention. Small businesses and home offices without network administrators may be overrun with attack log messages and not have the networking background required to configure the thresholds and other IPS settings. In addition, the other protection features in the FortiGate unit, such as antivirus (including grayware), spam filters, and web filters offer excellent protection for all networks.
Network performance
The FortiGate IPS is extremely accurate and reliable as an
This section describes:
•Default signature and anomaly settings
•Default fail open setting
•Controlling sessions
•Setting the buffer size
Default signature and anomaly settings
You can use IPS sensors to apply appropriate IPS signatures to different protection profiles, then different firewall policies.
Default fail open setting
If for any reason the IPS should cease to function, it will fail open by default. This means that crucial network traffic will not be blocked and the Firewall will continue to operate while the problem is resolved.
Change the default fail open setting using the CLI:
config ips global
set fail-open [enable disable] end
| FortiGate IPS User Guide Version 3.0 MR7 |
10 |