282
01-28007-0068-20041203
Fortinet Inc.
Custom
IPS
Custom
You can create custom IPS signatures. The custom signatures you create are added
to a single Custom signature group.
Custom signatures provide the power and flexibility to customize the FortiGate IPS for
diverse network environments. The FortiGate predefined signatures cover common
attacks. If you are using an unusual or specialized application or an uncommon
platform, you can add custom signatures based on the security alerts released by the
application and platform vendors.
You can also use custom signatures to block or allow specific traffic. For example to
block traffic containing pornography, you can add custom signatures similar to the
following:
F-SBID (--protocol tcp; --flow established; --content "nude cheerleader"; --no_case)
When you add the signature set action to Drop Session.
For more information on custom signature syntax see the
FortiGate IPS Custom
Signatures Technical Bulletin
.
Custom signature list
Figure 147:The custom signature group
idle_timeout
If a session is idle for longer than this number of seconds, the session will
not be maintained by tcp_reassembler.
min_ttl
A packet with a higher ttl number in its IP header than the number specified
here is not processed by tcp_reassembler.
port_list
A comma separated list of ports. The dissector can decode these TCP ports.
bad_flag_list
A comma separated list of bad TCP flags.
reassembly_
direction
Valid settings are from-server, from-client, or both.
codepoint
A number from 0 to 63. Used for differentiated services tagging. When the
action for p2p and im signatures is set to Pass, the FortiGate unit checks the
codepoint. If the codepoint is set to a number from 1 to 63, the codepoint for
the session is changed to the specified value. If the codepoint is set to -1
(the default) no change is made to the codepoint in the IP header.
Note:
Custom signatures are an advanced feature. This document assumes the user has
previous experience creating intrusion detection signatures.
Enable custom
signature
Select the Enable custom signature box to enable the custom signature
group or clear the Enable custom signature box to disable the custom
signature group.
Create New
Select Create New to create a new custom signature.
Summary of Contents for FortiGate 100A
Page 12: ...Contents 12 01 28007 0068 20041203 Fortinet Inc ...
Page 24: ...24 01 28007 0068 20041203 Fortinet Inc FortiLog documentation Introduction ...
Page 72: ...72 01 28007 0068 20041203 Fortinet Inc Transparent mode VLAN settings System network ...
Page 80: ...80 01 28007 0068 20041203 Fortinet Inc DHCP IP MAC binding settings System DHCP ...
Page 114: ...114 01 28007 0068 20041203 Fortinet Inc Access profile options System administration ...
Page 232: ...232 01 28007 0068 20041203 Fortinet Inc Profile CLI configuration Firewall ...
Page 244: ...244 01 28007 0068 20041203 Fortinet Inc peergrp Users and authentication ...
Page 276: ...276 01 28007 0068 20041203 Fortinet Inc ipsec vip VPN ...
Page 338: ...338 01 28007 0068 20041203 Fortinet Inc Configuring the banned word list Spam filter ...
Page 356: ...356 01 28007 0068 20041203 Fortinet Inc syslogd setting Log Report ...
Page 374: ...374 01 28007 0068 20041203 Fortinet Inc Index ...