www.fortinet.com
FortiGate
IPS User Guide
Version 3.0 MR7
USER GUIDE
Contents
IPS overview and general configuration.......................................... 9
Predefined signatures ..................................................................... 17
Custom signatures........................................................................... 21
Protocol decoders ........................................................................... 37
DoS sensors..................................................................................... 45
SYN flood attacks ............................................................................ 51
ICMP sweep attacks......................................................................... 55
Introduction
The FortiGate IPS
About this document
Document conventions
Typographic conventions
Fortinet Knowledge Center
Comments on Fortinet technical documentation
Customer service and technical support
IPS overview and general configuration
The FortiGate IPS
IPS settings and controls
When to use IPS
Network performance
Default signature and anomaly settings
Default fail open setting
Controlling sessions
Setting the buffer size
Monitoring the network and dealing with attacks
Configuring logging and alert email
Attack log messages
Signature
Anomaly
The FortiGuard Center
Using IPS sensors in a protection profile
Creating a protection profile that uses IPS sensors
Adding protection profiles to firewall policies
Predefined signatures
IPS predefined signatures
Viewing the predefined signature list
Fine tuning IPS predefined signatures for enhanced system performance
Custom signatures
IPS custom signatures
Viewing the custom signature list
Custom signature configuration
Adding custom signatures using the web-based manager
Adding custom signatures using the CLI
Command syntax pattern
Creating custom signatures
Custom signature fields
Custom signature syntax
--attack_id 1234;
--name "Buffer_Overflow";
--src_port 41523; --flow bi_direction;
--protocol tcp;
--tcp_flags AP
--tcp_flags S,12
Example custom signatures
Example 1: signature to block access to example.com
Example 2: signature to block the SMTP vrfy command
Protocol decoders
Protocol decoders
Upgrading the IPS protocol decoder list
IPS sensors
Viewing the IPS sensor list
Adding an IPS sensor
Configuring IPS sensors
IPS sensor attributes:
IPS sensor filters:
IPS sensor overrides:
Configuring filters
Configuring pre-defined and custom overrides
DoS sensors
Viewing the DoS sensor list
Configuring DoS sensors
DoS sensor attributes:
Anomaly configuration:
Understanding the anomalies
SYN flood attacks
What is a SYN flood attack?
How SYN floods work
The FortiGate IPS Response to SYN flood attacks
What is SYN threshold?
What is SYN proxy?
How IPS works to prevent SYN floods
Configuring SYN flood protection
Suggested settings for different network conditions
ICMP sweep attacks
What is an ICMP sweep?
How ICMP sweep attacks work
The FortiGate IPS response to ICMP sweep attacks
Predefined ICMP signatures
Table 11 describes all the ICMP-related predefined signatures and the default settings for each.
ICMP sweep anomalies
Configuring ICMP sweep protection
Suggested settings for different network conditions
Index