Fortinet IPS manual About this document, Fortinet documentation, Document conventions, Addressipv4

Page 6

About this document

Introduction

About this document

Document conventions

The following document conventions are used in this guide:

•In the examples, private IP addresses are used for both private and public IP addresses.

•Notes and Cautions are used to provide important information:

Note: Highlights useful additional information.

Caution: Warns you about commands or procedures that could have unexpected or ! undesirable results including loss of data or damage to equipment.

Typographic conventions

FortiGate documentation uses the following typographical conventions:

Convention	Example

Keyboard input	In the Gateway Name field, type a name for the remote VPN
	peer or client (for example, Central_Office_1).
Code examples	F-SBID (--protocol tcp; --flow
	established; --content "content here";
	--no_case)
CLI command syntax	config firewall policy
	edit id_integer
	set http_retry_count <retry_integer>
	set natip <address_ipv4mask>
	end
Document names	FortiGate Administration Guide

File content	<HTML><HEAD><TITLE>Firewall
	Authentication</TITLE></HEAD>
	<BODY><H4>You must authenticate to use this
	service.</H4>
Menu commands	Go to VPN > IPSEC > Phase 1 and select Create New.

Program output	Welcome!
Variables	<address_ipv4>

Fortinet documentation

The most up-to-date publications and previous releases of Fortinet™ product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com.

The following FortiGate product documentation is available:

•FortiGate QuickStart Guide

Provides basic information about connecting and installing a FortiGate unit.

	FortiGate IPS User Guide Version 3.0 MR7
6	01-30007-0080-20080916

Image 6

Contents E R G U I D E Trademarks Contents DoS sensors Protocol decodersIPS sensors SYN flood attacksIntroduction FortiGate IPSDocument conventions About this documentFortinet documentation Typographic conventionsFortiGate Pptp VPN User Guide Customer service and technical support Fortinet Knowledge CenterComments on Fortinet technical documentation IPS overview and general configuration IPS settings and controlsThis section contains the following topics Default fail open setting When to use IPSDefault signature and anomaly settings Config ips global Set fail-open enable disable endMonitoring the network and dealing with attacks Setting the buffer sizeConfiguring logging and alert email Controlling sessionsAttack log messages Signature Anomaly FortiGuard CenterAdding protection profiles to firewall policies Using IPS sensors in a protection profileCreating a protection profile that uses IPS sensors Select Create NewAdding protection profiles to user groups Using IPS sensors in a protection profile Predefined signatures IPS predefined signaturesViewing the predefined signature list Column SettingsEnable Clear All FiltersCreate a sensor and add IPS filters to it Viewing the predefined signature list Custom signatures IPS custom signaturesViewing the custom signature list Adding custom signatures using the CLI Custom signature configurationAdding custom signatures using the web-based manager Command syntax patternCreating custom signatures Custom signature fieldsShows the valid characters for custom signature fields Name BufferOverflow Custom signature syntaxAttackid SrcportContent keywords Keyword and value Description Deprecated, see pattern and context keywords Pattern yahoo.com Pattern GETContext uri Context hostRegexdelimismxAEGRU PcreRegex/mdelim Uri !uristrProtocol tcp IP header keywords Keyword and Value DescriptionTCP header keywords Keyword and Value Description Tcpflags AP Tcpflags S,12UDP header keywords Keyword and Value Description Icmp keywords Keyword and Value UsageOther keywords Keyword and Value Description Example 1 signature to block access to example.com Example custom signaturesSbid --name Block.example.com Sbid --name Block.example.com Example 2 signature to block the Smtp ‘vrfy’ command Sbid --name Block.SMTP.VRFY.CMDSbid --name Block.SMTP.VRFY.CMD --pattern vrfy Creating custom signatures Protocol decoders Protocol decodersUpgrading the IPS protocol decoder list Viewing the protocol decoder list Protocol decoder list Protocols Protocol decoder names PortIPS sensors AlldefaultAlldefaultpass Viewing the IPS sensor listProtectclient Configuring IPS sensorsAdding an IPS sensor ProtectemailserverIPS sensor attributes IPS sensor filtersIPS sensor overrides Configuring filtersReset Delete and Edit Delete or edit the filter IconsConfiguring pre-defined and custom overrides ApplicationExempt IP SourceDoS sensors Sequence in which the sensors examine network traffic Configuring DoS sensorsViewing the DoS sensor list Appears, and select OKName Enter or change the DoS sensor name Comments Anomaly configurationDoS sensor attributes Will appear in the DoS sensor listUnderstanding the anomalies Udpscan Anomaly Description TcpdstsessionUdpflood UdpsrcsessionUnderstanding the anomalies What is a SYN flood attack? SYN flood attacksHow SYN floods work FortiGate IPS Response to SYN flood attacks What is SYN threshold?What is SYN proxy? How IPS works to prevent SYN floodsIPS operation before synflood threshold is reached Configuring SYN flood protection Suggested settings for different network conditionsConfigure the options for tcpsynflood Select OK How Icmp sweep attacks work What is an Icmp sweep?Icmp sweep attacks FortiGate IPS response to Icmp sweep attacksPredefined Icmp signatures Icmp sweep anomalies Configuring Icmp sweep protection Index FortiGate Version 3.0 MR7 IPS User GuideTechnical support