Manuals / Fortinet / Computer Equipment / Network Card

Fortinet 50A user manual Configuring checksum verification

Models: 50A

1 272

Download 272 pages 24.69 Kb

Page 216

Detecting attacks	Network Intrusion Detection System (NIDS)

Selecting the interfaces to monitor

To select the interfaces to monitor for attacks

1Go to NIDS > Detection > General.

2Select the interfaces to monitor for network attacks. You can select one or more interfaces.

3Select Apply.

Disabling monitoring interfaces

To disable monitoring interfaces for attacks

1Go to NIDS > Detection > General.

2Clear the check box for all the interfaces that you do not want monitored.

3Select Apply.

Configuring checksum verification

Checksum verification tests the files that pass through the FortiGate unit to make sure that they have not been changed in transit. The NIDS can run checksum verification on IP, TCP, UDP, and ICMP traffic. For maximum detection, you can turn on checksum verification for all types of traffic. However, if the FortiGate unit does not need to run checksum verification, you can turn it off for some or all types of traffic to improve system performance. For example, you might not need to run checksum verification if the FortiGate unit is installed behind a router that also does checksum verification.

To configure checksum verification

1Go to NIDS > Detection > General.

2Select the type of traffic that you want to run Checksum Verifications on.

3Select Apply.

Figure 31: Example NIDS detection configuration

216	Fortinet Inc.

Image 216

Fortinet 50A user manual Configuring checksum verification

Contents

Installation and Configuration Guide FebruaryTrademarks Regulatory ComplianceTable of Contents Transparent mode installation Virus and attack definitions updates and registration Network configuration Firewall configuration 137 Users and authentication 171 Pptp and L2TP VPN 203 Antivirus protection 225 Glossary 259 Index 263 Contents NAT/Route mode and Transparent mode NAT/Route modeTransparent mode IntroductionDocument conventions Fortinet documentation Comments on Fortinet technical documentationCustomer service and technical support Getting started Package contents MountingPowering on Connecting to the web-based managerEnvironmental specifications To power on the FortiGate-50A unitConnecting to the command line interface CLI To connect to the web-based managerTo connect to the CLI Bits per second Data bits ParityStop bits Flow control Factory default FortiGate configuration settings Factory default Dhcp configurationFactory default NAT/Route mode network configuration Factory default Transparent mode network configurationFactory default firewall configuration Factory default firewall configuration Recurring ServiceAuthentication ContentFactory default content profiles Strict content profileStrict content profile Options Scan content profile Web content profileScan content profile Options Web content profile OptionsPlanning the FortiGate configuration Unfiltered content profileUnfiltered content profile Options Configuration options Setup wizardCLI FortiGate model maximum values matrix Next steps Signatures Antivirus file Block patterns Web filterNext steps Getting started NAT/Route mode installation Preparing to configure NAT/Route mode Changing the default configurationInternal servers Using the setup wizard Advanced NAT/Route mode settingsStarting the setup wizard Reconnecting to the web-based managerUsing the command line interface Configuring the FortiGate unit to operate in NAT/Route modeConfiguring NAT/Route mode IP addresses ExampleConnecting the FortiGate unit to your networks FortiGate-50A ExternalInternal Configuring your networks Completing the configurationSetting the date and time Changing antivirus protectionConfiguring virus and attack definition updates Registering your FortiGate unitCompleting the configuration Transparent mode installation Preparing to configure Transparent modeTransparent mode settings Administrator Password DNS SettingsChanging to Transparent mode Go to System StatusConfiguring the Transparent mode management IP address Configure the Transparent mode default gatewayConnecting the FortiGate unit to your networks Enabling antivirus protection Registering your FortiGateGo to Firewall Policy Int-Ext Transparent mode configuration examples Default routes and static routesGeneral configuration steps Default route to an external networkWeb-based manager example configuration steps CLI configuration stepsGo to System Network Management Go to System Network RoutingDMZ Set system route number 1 dst 24.102.233.5 255.255.255.0 gw1 Example static route to an internal destination Set system route number 1 dst 172.16.1.11 255.255.255.0 gw1 System status System statusFirmware upgrade procedures Procedure Description Changing the FortiGate host nameChanging the FortiGate firmware To change the FortiGate host name Go to System StatusUpgrading the firmware using the web-based manager Upgrading the firmware using the CLITo upgrade the firmware using the web-based manager To upgrade the firmware using the CLIReverting to a previous firmware version Execute pingReverting to a previous firmware version using the CLI To revert to a previous firmware version using the CLI To install firmware from a system reboot Press any key to enter configuration menu Restoring the previous configuration Testing a new firmware image before installing itTo test a new firmware image Save as Default firmware/Run image without savingD/R Manual virus definition updates Manual attack definition updatesTo update the antivirus definitions manually To update the attack definitions manuallyBacking up system settings Restoring system settingsDisplaying the FortiGate serial number Displaying the FortiGate up timeRestoring system settings to factory defaults Changing to Transparent modeTo change to Transparent mode Go to System Status Changing to NAT/Route mode To change to NAT/Route mode Go to System StatusRestarting the FortiGate unit Shutting down the FortiGate unitSystem status Viewing CPU and memory statusTo view CPU and memory status Go to System Status Monitor Viewing sessions and network status CPU and memory status monitorViewing virus and intrusions status Sessions and network status monitorSession list To view the session list Go to System Status SessionProtocol Example session listSession list Virus and attack definitions updates and registration Updating antivirus and attack definitionsConnecting to the FortiResponse Distribution Network Go to System UpdateVersion Expiry date Last update attempt Last update status To make sure the FortiGate unit can connect to the FDNManually initiating antivirus and attack definitions updates Scheduling updates Configuring update loggingEnabling scheduled updates To configure update logging Go to Log&Report Log SettingTo add an override server Go to System Update Adding an override serverEnabling push updates Enabling scheduled updates through a proxy serverEnabling push updates Push updates when FortiGate IP addresses changeEnabling push updates through a NAT device To enable push updates Go to System UpdateExample push updates through a NAT device Example network topology Push updates through a NAT deviceGeneral procedure To configure the FortiGate NAT device Schedule Always Service ANY Action AcceptAdding a firewall policy for the port forwarding virtual IP Example push update configuration Registering FortiGate unitsFortiCare Service Contracts Registering the FortiGate unit Recovering a lost Fortinet support password Updating registration informationViewing the list of registered FortiGate units Registering a new FortiGate unit Adding or changing a FortiCare Support Contract numberChanging your Fortinet support password Changing your contact information or security questionDownloading virus and attack definitions updates Downloading virus and attack definition updatesRegistering a FortiGate unit after an RMA Registering a FortiGate unit after an RMA Network configuration Configuring interfacesChanging the administrative status of an interface Configuring an interface with a manual IP addressTo stop an interface that is administratively up Viewing the interface listConfiguring an interface for Dhcp ConnectingInitializing ConnectedConfiguring an interface for PPPoE Adding a secondary IP address to an interfaceControlling administrative access to an interface Adding a ping server to an interfaceConfiguring traffic logging for connections to an interface Changing the MTU size to improve network performanceConfiguring the management interface in Transparent mode Configuring routing Adding a default routeAdding DNS server IP addresses 100Adding destination-based routes to the routing table 101Adding routes in Transparent mode Configuring the routing table102 Policy routing 103Configuring Dhcp services Policy routing command syntaxConfiguring a Dhcp relay agent 104Configuring a Dhcp server Adding a Dhcp server to an interfaceAdding scopes to a Dhcp server 105Adding a reserve IP to a Dhcp server 106Scope Name IP PoolConfiguring the modem interface Viewing a Dhcp server dynamic IP list107 Connecting a modem to the FortiGate unit Configuring modem settingsTo configure modem settings Go to System Network Modem 108Connecting to a dialup account Disconnecting the modem109 To connect to a dialup account Go to System Network ModemBackup mode configuration Standalone mode configurationTo configure backup mode Go to System Network Modem Viewing modem statusTo operate in standalone mode Go to System Network Modem Adding firewall policies for modem connections111 112 RIP configuration RIP settings113 Invalid HolddownFlush Configuring RIP for FortiGate interfaces 115116 Adding RIP filters Adding a RIP filter list117 To add a RIP filter list Go to System RIP FilterAssigning a RIP filter list to the neighbors filter Assigning a RIP filter list to the incoming filterAssigning a RIP filter list to the outgoing filter 119120 System configuration Setting system date and timeTo set the date and time Go to System Config Time 121To set the system idle timeout Go to System Config Options To set the Auth timeout Go to System Config OptionsChanging system options 122Adding and editing administrator accounts Modifying the Dead Gateway Detection settings123 Adding new administrator accounts Editing administrator accountsTo add an administrator account Go to System Config Admin 124Configuring Snmp To edit an administrator account Go to System Config Admin125 Configuring the FortiGate unit for Snmp monitoring Configuring FortiGate Snmp supportConfiguring Snmp access to an interface Configuring Snmp community settings127 System NameSystem Location FortiGate MIBs 128FortiGate traps General FortiGate trapsSystem traps 129130 System configuration and status Firewall configurationUsers and authentication configuration 131132 Replacement messages Customizing replacement messages133 Customizing alert emails 134135 Nids event136 Critical eventFirewall configuration 137Default firewall configuration Addresses138 Services Content profilesSchedules 139Adding firewall policies 140Action 141VPN Tunnel Traffic Shaping142 Dynamic IP Pool Fixed PortAuthentication Anti-Virus & Web filter143 Maximum Bandwidth Traffic PriorityConfiguring policy lists Log TrafficComments 144Policy matching in detail Changing the order of policies in a policy list145 Addresses Enabling and disabling policiesDisabling policies Enabling policiesAdding addresses 147To add an address Go to Firewall Address Editing addresses Deleting addressesOrganizing addresses into address groups 148Services Predefined services149 150 GRE151 LdapAdding custom TCP and UDP services 152Adding custom Icmp services Adding custom IP servicesGrouping services 153Schedules 154Creating one-time schedules Creating recurring schedules155 Adding schedules to policies 156Virtual IPs 157To add a schedule to a policy Go to Firewall Policy Adding static NAT virtual IPs 158To add a static NAT virtual IP Go to Firewall Virtual IP Virtual IP External Interface examples Description InternalAdding port forwarding virtual IPs 159160 Adding a port forwarding virtual IPIP pools Adding policies with virtual IPs161 To add a policy with a virtual IP Go to Firewall PolicyAdding an IP pool IP Pools for firewall policies that use fixed portsIP pools and dynamic NAT 162IP/MAC binding 163Go to Firewall IP/MAC Binding Static IP/MAC Configuring IP/MAC binding for packets going to the firewall 164Adding IP/MAC addresses Viewing the dynamic IP/MAC listEnabling IP/MAC binding 165Content profiles 166Default content profiles Adding content profilesTo add a content profile Go to Firewall Content Profile 167168 Oversized File/Email Pass Fragmented EmailAdding content profiles to policies To add a content profile to a policy Go to Firewall Policy169 170 Users and authentication 171Setting authentication timeout Adding user names and configuring authenticationAdding user names and configuring authentication To set authentication timeout Go to System Config OptionsDeleting user names from the internal database 173Configuring Radius support Adding Radius serversDeleting Radius servers 174Configuring Ldap support Adding Ldap servers175 To add an Ldap server Go to User LdapDeleting Ldap servers 176To delete an Ldap server Go to User Ldap Configuring user groups Adding user groups177 To add a user group Go to User User GroupDeleting user groups 178To delete a user group Go to User User Group IPSec VPN 179Key management Manual KeysAutoIKE with pre-shared keys AutoIKE with certificatesGeneral configuration steps for a manual key VPN Manual key IPSec VPNsAdding a manual key VPN tunnel 181AutoIKE IPSec VPNs 182AES128 AES192General configuration steps for an AutoIKE VPN Adding a phase 1 configuration for an AutoIKE VPNTo create an AutoIKE VPN configuration To add a phase 1 configuration Go to VPN Ipsec Phase184 Remote Gateway Static IP AddressRemote Gateway Dialup User Configuring advanced options To configure phase 1 advanced options185 186 Adding a phase 1 configuration Standard options 187Adding a phase 2 configuration for an AutoIKE VPN To add a phase 2 configuration Go to VPN Ipsec Phase188 189 Use selectors from policyUse wildcard selectors Managing digital certificates Obtaining a signed local certificateGenerating the certificate request 190191 Key TypeKey Size Downloading the certificate request Importing the signed local certificateObtaining CA certificates 192Configuring encrypt policies Importing CA certificates193 Adding a source address Adding a destination address194 To add a source address Go to Firewall AddressAdding an encrypt policy 195To add an encrypt policy Go to Firewall Policy IPSec VPN concentrators 196VPN concentrator hub general configuration steps To create a VPN concentrator configuration197 Adding a VPN concentrator 198Source InternalAll Destination VPN spoke address Action VPN spoke general configuration steps To create a VPN spoke configuration199 200 VPN TunnelPolicies Monitoring and Troubleshooting VPNs To view VPN tunnel status Go to VPN Ipsec PhaseViewing VPN tunnel status Viewing dialup VPN connection statusTesting a VPN 202Configuring Pptp Configuring the FortiGate unit as a Pptp gatewayPptp and L2TP VPN 203204 To add a source address205 To add a source address groupTo add a destination address To add a firewall policyConfiguring a Windows 98 client for Pptp 206To connect to the Pptp VPN Configuring a Windows 2000 client for Pptp Configuring a Windows XP client for Pptp207 To configure the VPN connection 208Select Properties Security Configuring L2TP Configuring the FortiGate unit as an L2TP gateway209 210 To add source addressesConfiguring a Windows 2000 client for L2TP 211To disable IPSec 212To connect to the L2TP VPN Configuring a Windows XP client for L2TP 213214 Network Intrusion Detection System Nids Detecting attacks215 Configuring checksum verification Selecting the interfaces to monitorDisabling monitoring interfaces 216Viewing the signature list Viewing attack descriptions217 Disabling Nids attack signatures Adding user-defined signatures218 Downloading the user-defined signature list 219To enable Nids attack prevention Go to Nids Prevention Preventing attacksEnabling Nids attack prevention Enabling Nids attack prevention signaturesSetting signature threshold values 221Logging attacks Logging attack messages to the attack logReducing the number of Nids attack log and email messages Automatic message reductionManual message reduction 223224 General configuration steps Antivirus protection225 Antivirus scanning 226To scan FortiGate firewall traffic for viruses File blocking Blocking files in firewall trafficAdding file patterns to block 227Configuring limits for oversized files and email Blocking oversized files and emailsExempting fragmented email from blocking 228To view the virus list Go to Anti-Virus Config Virus List Viewing the virus list229 230 Web filtering 231Content blocking Go to Web Filter Content BlockAdding words and phrases to the Banned Word list 232Clearing the Banned Word list Backing up the Banned Word listRestoring the Banned Word list 233234 Example Banned Word List text fileConfiguring FortiGate Web URL blocking URL blockingAdding URLs to the Web URL block list 235Clearing the Web URL block list Downloading the Web URL block listUploading a URL block list 236Configuring FortiGate Web pattern blocking 237To upload a URL block list Configuring Cerberian URL filtering Installing a Cerberian license keyAdding a Cerberian user 238Configuring Cerberian web filter About the default group and policyTo configure Cerberian web filtering Enabling Cerberian URL filteringScript filtering Enabling script filteringSelecting script filter options 240Exempt URL list Adding URLs to the URL Exempt list241 Go to Web Filter URL ExemptDownloading the URL Exempt List Uploading a URL Exempt List242 243 244 Email filter 245Email banned word list Adding words and phrases to the email banned word list246 Downloading the email banned word list Uploading the email banned word list247 Email block list Adding address patterns to the email block listDownloading the email block list 248Email exempt list Uploading an email block list249 To upload the email block listTo add a subject tag Go to Email Filter Config Adding a subject tagAdding address patterns to the email exempt list 250Logging and reporting Recording logsRecording logs on a remote computer 251Recording logs on a NetIQ WebTrends server 252To filter log entries Go to Log&Report Log Setting Filtering log messagesLog message levels 253Configuring traffic logging 254Configuring traffic filter settings Enabling traffic loggingEnabling traffic logging for an interface Enabling traffic logging for a firewall policyDestination IP Address Destination Netmask Service Adding traffic filter entries256 Configuring alert email Adding alert email addresses257 To add a DNS server Go to System Network DNSTesting alert email Enabling alert email258 Glossary 259260 261 262 Index 263264 Index265 DNS266 Http267 NAT268 269 RMA270 TCP271 VPN272