Creating custom signatures

Custom signature fields

Custom signature syntax

Example custom signatures

Protocol decoders

Protocol decoders

Upgrading the IPS protocol decoder list

Viewing the protocol decoder list

IPS sensors

Viewing the IPS sensor list

Adding an IPS sensor

Configuring IPS sensors

Configuring filters

Configuring pre-defined and custom overrides

DoS sensors

Viewing the DoS sensor list

Configuring DoS sensors

Understanding the anomalies

SYN flood attacks

What is a SYN flood attack?

How SYN floods work

The FortiGate IPS Response to SYN flood attacks

What is SYN threshold?

What is SYN proxy?

How IPS works to prevent SYN floods

Configuring SYN flood protection

Suggested settings for different network conditions

ICMP sweep attacks

What is an ICMP sweep?

How ICMP sweep attacks work

The FortiGate IPS response to ICMP sweep attacks

Predefined ICMP signatures

ICMP sweep anomalies

Configuring ICMP sweep protection

Suggested settings for different network conditions

Index

FortiGate IPS User Guide Version 3.0 MR7

01-30007-0080-20080916
