Fortinet IPS manual
Technical support
Index
T
technical support 8
FortiGate Version 3.0 MR7 IPS User Guide    60    01-30007-0080-20080916
Contents
Trademarks
Protocol decoders
IPS sensors
DoS sensors
SYN flood attacks
Introduction
FortiGate IPS
About this document
Fortinet documentation
Document conventions
Typographic conventions
FortiGate PPTP VPN User Guide
Customer service and technical support
Fortinet Knowledge Center
Comments on Fortinet technical documentation
IPS overview and general configuration
IPS settings and controls
This section contains the following topics
When to use IPS
Default signature and anomaly settings
Default fail open setting
config ips global
    set fail-open {enable | disable}
end
Setting the buffer size
Configuring logging and alert email
Monitoring the network and dealing with attacks
Controlling sessions
Attack log messages Signature
Anomaly
FortiGuard Center
Using IPS sensors in a protection profile
Creating a protection profile that uses IPS sensors
Adding protection profiles to firewall policies
Select Create New
Adding protection profiles to user groups
Using IPS sensors in a protection profile
Predefined signatures
IPS predefined signatures
Viewing the predefined signature list
Settings
Enable
Column
Clear All Filters
Create a sensor and add IPS filters to it
Viewing the predefined signature list
Custom signatures
IPS custom signatures
Viewing the custom signature list
Custom signature configuration
Adding custom signatures using the web-based manager
Adding custom signatures using the CLI
Command syntax pattern
Creating custom signatures
Custom signature fields
Shows the valid characters for custom signature fields
Custom signature syntax
--attack_id
--name "BufferOverflow"
--src_port
Content keywords Keyword and value Description
Deprecated, see pattern and context keywords
Pattern GET
Context uri
Pattern yahoo.com
Context host
--pcre [!]"(/regex/ | m<delim>regex<delim>)[ismxAEGRU]"
--uri [!]"<uri_str>"
--protocol tcp
IP header keywords Keyword and Value Description
TCP header keywords Keyword and Value Description
--tcp_flags AP
--tcp_flags S,12
UDP header keywords Keyword and Value Description
ICMP keywords Keyword and Value Usage
Other keywords Keyword and Value Description
Example 1 signature to block access to example.com
Example custom signatures
Sbid --name Block.example.com
Example 2 signature to block the SMTP 'vrfy' command
Sbid --name Block.SMTP.VRFY.CMD
Sbid --name Block.SMTP.VRFY.CMD --pattern vrfy
Creating custom signatures
Protocol decoders
Protocol decoders
Upgrading the IPS protocol decoder list
Viewing the protocol decoder list
Protocol decoder list Protocols Protocol decoder names Port
all_default
all_default_pass
IPS sensors
Viewing the IPS sensor list
Configuring IPS sensors
Adding an IPS sensor
protect_client
protect_email_server
IPS sensor attributes
IPS sensor filters
Configuring filters
Reset
IPS sensor overrides
Delete and Edit Delete or edit the filter Icons
Configuring pre-defined and custom overrides
Application
Exempt IP
Source
DoS sensors
Configuring DoS sensors
Viewing the DoS sensor list
Sequence in which the sensors examine network traffic
Appears, and select OK
Anomaly configuration
DoS sensor attributes
Name: Enter or change the DoS sensor name
Comments: will appear in the DoS sensor list
Understanding the anomalies
Anomaly / Description
tcp_dst_session
udp_flood
udp_scan
udp_src_session
Understanding the anomalies
What is a SYN flood attack?
SYN flood attacks
How SYN floods work
What is SYN threshold?
What is SYN proxy?
FortiGate IPS Response to SYN flood attacks
How IPS works to prevent SYN floods
IPS operation before synflood threshold is reached
Configuring SYN flood protection
Suggested settings for different network conditions
Configure the options for tcp_syn_flood and select OK
What is an ICMP sweep?
ICMP sweep attacks
How ICMP sweep attacks work
FortiGate IPS response to ICMP sweep attacks
Predefined ICMP signatures
ICMP sweep anomalies
Configuring ICMP sweep protection