FortiGate-800 Installation and Configuration Guide Version 2.50

Network Intrusion Detection System (NIDS)

The FortiGate NIDS is a real-time network intrusion detection sensor that uses attack signature definitions to both detect and prevent a wide variety of suspicious network traffic and direct network-based attacks. Also, whenever an attack occurs, the FortiGate NIDS can record the event in a log and send an alert email to the system administrator.

This chapter describes:

Detecting attacks

Preventing attacks

Logging attacks

Detecting attacks

The NIDS Detection module detects a wide variety of suspicious network traffic and network-based attacks. Use the following procedures to configure the general NIDS settings and the NIDS Detection module Signature List.

For the general NIDS settings, you must select which interfaces to monitor for network-based attacks. You must also decide whether to enable checksum verification, which tests the integrity of packets received at the monitored interfaces.

This section describes:

Selecting the interfaces to monitor

Disabling monitoring interfaces

Configuring checksum verification

Viewing the signature list

Viewing attack descriptions

Disabling NIDS attack signatures

Adding user-defined signatures
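The checksum verification described above, illustrated for the IPv4 header checksum (RFC 1071). This is an added example, not FortiGate code: this page does not state which protocol checksums the NIDS verifies, and the function names and sample packets are constructed for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, inverted."""
    if len(data) % 2:                      # pad odd-length input with a zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                     # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header_status(packet: bytes) -> str:
    """Classify a raw IPv4 packet as 'ok', 'bad-checksum' or 'malformed'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4           # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    # Summing a header that already holds a correct checksum field yields 0.
    return "ok" if internet_checksum(packet[:ihl]) == 0 else "bad-checksum"

def make_header() -> bytes:
    """Constructed sample: 20-byte IPv4 header, 192.168.0.1 -> 192.168.0.199."""
    hdr = bytearray(bytes.fromhex("45000073000040004011" "0000" "c0a80001c0a800c7"))
    struct.pack_into("!H", hdr, 10, internet_checksum(bytes(hdr)))
    return bytes(hdr)

def tally(packets) -> dict:
    """Count packets per status, as a sensor would before inspecting payloads."""
    counts = {"ok": 0, "bad-checksum": 0, "malformed": 0}
    for pkt in packets:
        counts[ipv4_header_status(pkt)] += 1
    return counts

# Constructed inputs: one intact header, one with the TTL byte altered in
# transit (checksum not updated), and one truncated capture.
GOOD = make_header()
CORRUPTED = GOOD[:8] + bytes([GOOD[8] - 1]) + GOOD[9:]
TRUNCATED = GOOD[:12]

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("corrupted", CORRUPTED), ("truncated", TRUNCATED)):
        print(f"{name:10s} {ipv4_header_status(pkt)}")
    print(tally([GOOD, CORRUPTED, TRUNCATED, GOOD]))
```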
