Viewing the DoS sensor list

DoS sensors

Viewing the DoS sensor list

To view the anomaly list, go to Intrusion Protection > DoS Sensor.

Figure 12: The DoS sensor list

Create New

Add a new DoS sensor to the bottom of the list.

ID

A unique identifier for each DoS sensor. The ID does not indicate the

 

sequence in which the sensors examine network traffic.

Status

Select to enable the DoS sensor.

Name

The DoS sensor name.

Comments

An optional description of the DoS sensor.

Delete

Delete the DoS sensor.

Edit icon

Edit the following information: Action, Severity, and Threshold.

Insert DoS

Create a new DoS sensor before the current sensor.

Sensor before

 

icon

 

Move To icon

Move the current DoS sensor to another position in the list. After

 

selecting this icon, enter the destination position in the window that

 

appears, and select OK.

Configuring DoS sensors

Because an improperly configured DoS sensor can interfere with network traffic, no DoS sensors are present on a factory default FortiGate unit. You must create your own and then enable them before they will take effect. Thresholds for newly created sensors are preset with recommended values that you can adjust to meet the needs of your network.

Note: It is important to know normal and expected network traffic before changing the default anomaly thresholds. Setting the thresholds too low could cause false positives, and setting the thresholds too high could allow otherwise avoidable attacks.

To configure DoS sensors, go to Intrusion Protection > DoS Sensor. Select the Edit icon of an existing DoS sensor, or select Create New to create a new DoS sensor.

 

FortiGate IPS User Guide Version 3.0 MR7

46

01-30007-0080-20080916

Page 46
Image 46
Fortinet IPS Viewing the DoS sensor list, Configuring DoS sensors, Sequence in which the sensors examine network traffic