Viewing the predefined signature list | Predefined signatures |
By default, the signatures are sorted by name. To sort the table by another column, select the required column header name.
Column | Select to customize the signature information displayed in the table. You |
Settings | can also readjust the column order. |
Clear All Filters | If you have applied filtering to the predefined signature list display, select |
| this option to clear all filters and display all the signatures. |
Name | The name of the signature, linked to the FortiGuard Center web page |
| about the signature. |
Severity | The severity rating of the signature. The severity levels, from lowest to |
| highest, are Information, Low, Medium, High, and Critical. |
Target | The target of the signature. Servers, clients, or both. |
Protocols | The protocol the signature applies to. |
OS | The operating system the signature applies to. |
Applications | The applications the signature applies to. |
Enable | The default status of the signature. A green circle indicates the signature |
| is enabled. A gray circle indicates the signature is not enabled. |
Action | The default action for the signature. The available actions are pass and |
| drop. |
| • Pass allows the traffic to continue without any modification. If you |
| want to determine what effect IPS protection would have on your |
| network traffic, you can enable the required signatures, set the action |
| to pass, and enable logging. Traffic will not be interrupted, but you |
| will be able to examine in detail which signatures were detected. |
| • Drop prevents the traffic with detected signatures from reaching its |
| destination. |
| If logging is enabled, the action appears in the status field of the log |
| message generated by the signature. |
ID | A unique numeric identifier for the signature. |
Logging | The default logging behavior of the signature. A green circle indicates |
| logging is enabled. A gray circle indicates logging is disabled. |
Group | A functional group that is assigned to the signature. This group is only |
| for reference and cannot be used to define filters. |
Packet Log | The default packet log status of the signature. A green circle indicates |
| packet log is enabled. A gray circle indicates packet log is disabled. |
Revision | The revision level of the signature. If the signature is updated, the |
| revision number will be incremented. |
Fine tuning IPS predefined signatures for enhanced system performance
In FortiOS the FortiGate unit will have most of the predefined signatures enabled and will log all of them by default. To meet your specific network requirements, you need to fine tune the signature settings.
By fine tuning the signatures and log settings you can provide the best protection available but also free up valuable FortiGate resources. Fine tuning enables you to turn off features that you are not using. By turning off signatures and logs that you do not use, you allow the FortiGate unit to perform tasks faster thus improving overall system performance.
Not all systems require you to scan for all signatures of the IPS suite all the time. By configuring the FortiGate unit to not monitor for these signatures, you will maintain a high level of security and increase overall performance.
| FortiGate IPS User Guide Version 3.0 MR7 |
18 |
