Configuring ICMP sweep protection

ICMP sweep attacks

Configuring ICMP sweep protection

To configure the ICMP sweep anomaly protection settings

1Go to Intrusion Protection > DoS Sensor.

2Select Create New.

3Configure the options for icmp_sweep, icmp_src_session, and icmp_dst_session.

4Select OK.

Suggested settings for different network conditions

Enable or disable the ICMP predefined signatures depending on current network traffic and the network scanning tools being used.

To use the icmp_sweep anomaly, monitor the network to find out the normal ICMP traffic patterns. Configure the icmp_sweep anomaly threshold to be triggered when an unusual volume of ICMP requests occurs.

 

FortiGate IPS User Guide Version 3.0 MR7

58

01-30007-0080-20080916

Page 58
Image 58
Fortinet IPS manual Configuring Icmp sweep protection, Suggested settings for different network conditions