Network Intrusion Detection System (NIDS)
Preventing attacks
FortiGate-60R Installation and Configuration Guide
For example, setting the icmpflood signature threshold to 500 will allow 500 echo
requests from a source address, to which the system sends echo replies. If the
number of requests is 501 or higher, the FortiGate unit will block the attacker to
eliminate disruption of system operations.
If you enter a threshold value of 0 or a number out of the allowable range, the
FortiGate unit uses the default value.
To set Prevention signature threshold values:
1. Go to NIDS > Prevention.
2. Select Modify beside the signature for which you want to set the Threshold value.
   Signatures that do not have threshold values do not have Modify icons.
3. Type the Threshold value.
4. Select the Enable check box.
5. Select OK.
Table 6: NIDS Prevention signatures with threshold values

| Signature abbreviation | Threshold value units | Default threshold value | Minimum threshold value | Maximum threshold value |
|---|---|---|---|---|
| synflood | Maximum number of SYN segments received per second | 200 | 30 | 3000 |
| portscan | Maximum number of SYN segments received per second | 128 | 10 | 256 |
| srcsession | Total number of TCP sessions initiated from the same source | 2048 | 128 | 10240 |
| ftpovfl | Maximum buffer size for an FTP command (bytes) | 256 | 128 | 1024 |
| smtpovfl | Maximum buffer size for an SMTP command (bytes) | 512 | 128 | 1024 |
| pop3ovfl | Maximum buffer size for a POP3 command (bytes) | 512 | 128 | 1024 |
| udpflood | Maximum number of UDP packets received from the same source or sent to the same destination per second | 2048 | 512 | 102400 |
| udpsrcsession | Total number of UDP sessions initiated from the same source | 1024 | 512 | 102400 |
| icmpflood | Maximum number of UDP packets received from the same source or sent to the same destination per second | 256 | 128 | 102400 |
| icmpsrcsession | Total number of ICMP sessions initiated from the same source | 128 | 64 | 2048 |
| icmpsweep | Maximum number of ICMP packets received from the same source per second | 32 | 16 | 2048 |
| icmplarge | Maximum ICMP packet size (bytes) | 32000 | 1024 | 64000 |
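
Since an entry of 0 or an out-of-range value is replaced by the default, a planned set of thresholds can be checked against Table 6 before it is typed into the web-based manager. The Python below is an added example, not Fortinet code; the function names and the sample plan are constructed, and it assumes the minimum and maximum values themselves are accepted.

```python
# Added example, not Fortinet code. Limits copied from Table 6:
# signature -> (default, minimum, maximum)
TABLE_6 = {
    "synflood": (200, 30, 3000),
    "portscan": (128, 10, 256),
    "srcsession": (2048, 128, 10240),
    "ftpovfl": (256, 128, 1024),
    "smtpovfl": (512, 128, 1024),
    "pop3ovfl": (512, 128, 1024),
    "udpflood": (2048, 512, 102400),
    "udpsrcsession": (1024, 512, 102400),
    "icmpflood": (256, 128, 102400),
    "icmpsrcsession": (128, 64, 2048),
    "icmpsweep": (32, 16, 2048),
    "icmplarge": (32000, 1024, 64000),
}


def effective_threshold(signature, entered):
    """Return (value in effect, True if the unit falls back to the default)."""
    default, low, high = TABLE_6[signature]
    # Assumption: the minimum and maximum themselves are accepted values.
    if entered == 0 or not low <= entered <= high:
        return default, True
    return entered, False


def audit(planned):
    """List (signature, entered, value used) for entries replaced by the default."""
    findings = []
    for signature, entered in sorted(planned.items()):
        value, fell_back = effective_threshold(signature, entered)
        if fell_back:
            findings.append((signature, entered, value))
    return findings


def exceeds_threshold(signature, entered, observed):
    """The guide's icmpflood rule (500 allowed, 501 blocked); applying it
    to the other signatures is an assumption of this example."""
    return observed > effective_threshold(signature, entered)[0]


# Constructed change plan: three entries will not take effect as typed.
PLAN = {"icmpflood": 500, "synflood": 5000, "portscan": 0, "ftpovfl": 64}

if __name__ == "__main__":
    for signature, entered, value in audit(PLAN):
        print(f"{signature}: entered {entered}, unit will use {value}")
```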