IPS overview and general configuration

Controlling sessions

Use this command to ignore sessions after a set amount of traffic has passed.

The default is 204800 bytes.

config ips global
    set ignore-session-bytes <byte_integer>
end

Setting the buffer size

Set the size of the IPS buffer. The size of the buffer is model-dependent.

config ips global
    set socket-size <ips_buffer_size>
end
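
An added example, not part of the Fortinet guide: a Python check that reads the "config ips global" block from a saved configuration and reports the two settings described above (ignore-session-bytes and socket-size). The sample configuration is constructed, the function names are hypothetical, and treating a missing ignore-session-bytes line as the documented default of 204800 is an assumption.

```python
import re

DEFAULT_IGNORE_SESSION_BYTES = 204800  # default stated in the guide

# Constructed sample of a configuration backup (not taken from a real unit).
SAMPLE_CONFIG = """\
config system global
    set hostname "lab-fgt"
end
config ips global
    set ignore-session-bytes 65536
    set socket-size 8
end
"""

def parse_block(config_text, block_name):
    """Return the 'set' key/value pairs of one top-level 'config <name>' block."""
    settings, depth, inside = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1 and line == "config " + block_name:
                inside = True
        elif line == "end":
            if depth == 1:
                inside = False
            depth = max(depth - 1, 0)
        elif inside and depth == 1:
            # Only settings directly inside the block; nested blocks are skipped.
            m = re.match(r"set\s+(\S+)\s+(.+)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit_ips_global(config_text):
    """Report the two 'config ips global' values covered above."""
    s = parse_block(config_text, "ips global")
    raw = s.get("ignore-session-bytes")
    # Assumption: an absent line means the documented default is in effect.
    ignore = int(raw) if raw is not None else DEFAULT_IGNORE_SESSION_BYTES
    return {
        "ignore_session_bytes": ignore,
        "explicitly_set": raw is not None,
        "below_default": ignore < DEFAULT_IGNORE_SESSION_BYTES,
        "socket_size": s.get("socket-size"),  # model-dependent, reported as-is
    }

if __name__ == "__main__":
    print(audit_ips_global(SAMPLE_CONFIG))
```

A result with below_default set to true means the IPS stops looking at each session after less traffic than the default allows, which is worth reviewing against the reason the value was changed.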

Monitoring the network and dealing with attacks

After configuring IPS and enabling it in protection profiles, it is time to set up tracking and notification of attacks. Enable logging and alert email to maintain user awareness of attacks on the network.

The next step is dealing with attacks if and when they occur. The FortiGuard Center at http://www.fortinet.com/FortiGuardCenter/ provides a comprehensive Attack Encyclopedia to help decide what actions to take to further protect the network.

This section describes:

Configuring logging and alert email

Attack log messages

The FortiGuard Center

Configuring logging and alert email

Whenever the IPS detects or prevents an attack, it generates an attack log message that can be recorded or sent as an alert email.

The FortiGate unit categorizes attack log messages by signature or anomaly and includes the attack name in the log message. Enable logging and alert email for attack signatures and attack anomalies.

Note: Attack and intrusion attempts occur frequently on networks connected to the Internet. Reduce the number of log messages and alert email by disabling signatures for attacks that the system is not vulnerable to (for example, web attacks when not running a web server).

To configure logging and alert email for IPS events using the web-based manager

1. Go to Log&Report > Log Config > Log Setting.

2. Select and configure the settings for any logging locations to use.

3. Select Apply.

4. Go to Log&Report > Log Config > Alert Email.

FortiGate IPS User Guide Version 3.0 MR7

 

01-30007-0080-20080916
