|
|
IPS overview and general configuration | The FortiGate IPS |
IPS overview and general configuration
This section contains the following topics:
•The FortiGate IPS
•Network performance
•Monitoring the network and dealing with attacks
•Using IPS sensors in a protection profile
The FortiGate IPS
An IPS is an Intrusion Prevention System for networks. While early systems focused on intrusion detection, the continuing rapid growth of the Internet, and the potential for the theft of sensitive data, has resulted in the need for not only detection, but prevention.
The FortiGate IPS detects intrusions by using attack signatures for known intrusion methods, and detects anomalies in network traffic to identify new or unknown intrusions. Not only can the IPS detect and log attacks, but users can choose actions to take on the session when an attack is detected. This guide describes how to configure and use the IPS and the IPS response to some common attacks.
Both the IPS predefined signatures and the IPS engine are upgraded through the FortiGuard Distribution Network (FDN). These upgrades provide the latest protection against IM/P2P and other threats. Firmware upgrades will update anomaly options. The FortiGate IPS default settings implement the recommended settings for all signatures and anomalies. Signature settings and some anomaly thresholds are
Administrators are notified of intrusions and possible intrusions through log messages and alert email.
Packet logging provides administrators with the ability to analyze packets for forensics and false positive detection.
IPS settings and controls
Configure the Intrusion Protection system using either the
Note: If virtual domains are enabled on the FortiGate unit, the Intrusion Protection settings are configured separately in each VDOM. All sensors and custom signatures will appear only in the VDOM in which they were created.
FortiGate IPS User Guide Version 3.0 MR7 |
|
9 |
