Predefined

IPS

 

 

This chapter describes:

Signature

Anomaly

Configuring IPS logging and alert email

Default fail open setting

Signature

The FortiGate IPS matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Fortinet’s FortiProtect infrastructure ensures the rapid identification of new threats and the development of new attack signatures.

You can configure the FortiGate unit to automatically check for and download an updated attack definition file containing the latest signatures, or you can manually download the updated attack definition file. You can also configure the FortiGate unit to allow push updates of updated attack definition files as soon as they are available from the FortiProtect Distribution Network. For details, see “Update center” on page 118.

When the FortiGate unit installs an updated attack definition file, it checks to see if the default configuration for any existing signatures has changed. If the default configuration has changed, the changes are preserved.

In addition to an extensive list of predefined attack signatures, you can also create your own custom attack signatures for the FortiGate unit. See “Adding custom signatures” on page 283.

Predefined

Predefined signatures are arranged into groups based on the type of attack. By default, all signature groups are enabled while some signatures within groups are not. Check the default settings to ensure they meet the requirements of your network traffic.

You can enable or disable signature groups or individual signatures. Disabling unneeded signatures can improve system performance and reduce the number of log messages and alert emails that the IPS generates. For example, the IPS detects a large number of web server attacks. If you do not provide access to a web server behind your FortiGate unit, you can disable all web server attack signatures.

Some signature groups include configurable parameters. The parameters that are available depend on the type of signatures in the signature group. When you configure these parameters for a signature group, the parameters apply to all of the signatures in the group.

For each signature, you can configure the action the FortiGate IPS takes when it detects an attack. The FortiGate IPS can pass, drop, reset or clear packets or sessions.

You can also enable or disable logging of the attack.

278

01-28007-0068-20041203

Fortinet Inc.

Page 278
Image 278
Fortinet 100A manual Signature, Predefined, 278

100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.