Contents
FortiGate-400 Installation and Configuration Guide 11
Network Intrusion Detection System (NIDS) ..... 249
  Detecting attacks ..... 249
    Selecting the interfaces to monitor ..... 250
    Disabling the NIDS ..... 250
    Configuring checksum verification ..... 250
    Viewing the signature list ..... 251
    Viewing attack descriptions ..... 251
    Enabling and disabling NIDS attack signatures ..... 252
    Adding user-defined signatures ..... 252
  Preventing attacks ..... 253
    Enabling NIDS attack prevention ..... 253
    Enabling NIDS attack prevention signatures ..... 254
    Setting signature threshold values ..... 254
    Configuring synflood signature values ..... 256
  Logging attacks ..... 256
    Logging attack messages to the attack log ..... 256
    Reducing the number of NIDS attack log and email messages ..... 257
Antivirus protection ..... 259
  General configuration steps ..... 259
  Antivirus scanning ..... 260
  File blocking ..... 261
    Blocking files in firewall traffic ..... 262
    Adding file patterns to block ..... 262
  Quarantine ..... 263
    Quarantining infected files ..... 263
    Quarantining blocked files ..... 263
    Viewing the quarantine list ..... 264
    Sorting the quarantine list ..... 264
    Filtering the quarantine list ..... 265
    Deleting files from quarantine ..... 265
    Downloading quarantined files ..... 265
    Configuring quarantine options ..... 265
  Blocking oversized files and emails ..... 266
    Configuring limits for oversized files and email ..... 266
  Exempting fragmented email from blocking ..... 266
  Viewing the virus list ..... 266
Web filtering ..... 267
  General configuration steps ..... 267
  Content blocking ..... 268
    Adding words and phrases to the banned word list ..... 268