Contents

Configuring L2TP

213

Configuring the FortiGate unit as a L2TP gateway

214

Configuring a Windows 2000 client for L2TP

217

Configuring a Windows XP client for L2TP

218

Network Intrusion Detection System (NIDS)

221

Detecting attacks

221

Selecting the interfaces to monitor

222

Disabling the NIDS

222

Configuring checksum verification

222

Viewing the signature list

223

Viewing attack descriptions

223

Enabling and disabling NIDS attack signatures

224

Adding user-defined signatures

224

Preventing attacks

225

Enabling NIDS attack prevention

225

Enabling NIDS attack prevention signatures

226

Setting signature threshold values

226

Configuring synflood signature values

228

Logging attacks

228

Logging attack messages to the attack log

228

Reducing the number of NIDS attack log and email messages

229

Antivirus protection

231

General configuration steps

231

Antivirus scanning

232

File blocking

233

Blocking files in firewall traffic

233

Adding file patterns to block

233

Blocking oversized files and emails

234

Configuring limits for oversized files and email

234

Exempting fragmented email from blocking

234

Viewing the virus list

234

Web filtering

235

General configuration steps

235

Content blocking

236

Adding words and phrases to the banned word list

236

URL blocking

237

Using the FortiGate web filter

237

Using the Cerberian web filter

240

Script filtering

242

Enabling the script filter

242

Selecting script filter options

242

10

Fortinet Inc.

Page 10
Image 10
Fortinet 100 user manual Network Intrusion Detection System Nids 221