200
Fortinet Inc.
Logging attacks
Network Intrusion Detection System (NIDS)
Configuring synflood signature values
For synflood signatures, you can set the threshold, queue size, and keep alive values.
1 Go to NIDS > Prevention.
2 Select Modify for the synflood signature.
3 Type the Threshold value.
4 Type the Queue Size.
5 Type the Timeout value.
6 Select the Enable check box.
  Alternatively, select the synflood Enable check box in the Prevention signature list.
7 Select OK.
Logging attacks
Whenever the NIDS detects or prevents an attack, it generates an attack message.
You can configure the system to add the message to the attack log.
• Logging attack messages to the attack log
• Reducing the number of NIDS attack log and email messages
Logging attack messages to the attack log
Use the following procedure to log attack messages to the attack log.
1 Go to Log&Report > Log Setting.
2 Select Config Policy for the log locations you have set.
3 Select Attack Log.
4 Select Attack Detection and Attack Prevention.
5 Select OK.
| Value | Description | Minimum value | Maximum value | Default value |
|---|---|---|---|---|
| Threshold | Number of SYN requests sent to a destination host or server per second. If the SYN requests are being sent to all ports on the destination, as opposed to just one port, the threshold quadruples (4 x). | 30 | 3000 | 200 |
| Queue Size | Maximum number of proxied connections that the FortiGate unit handles. The FortiGate unit discards additional proxy requests. | 10 | 10240 | 1024 |
| Timeout | Number of seconds for the SYN cookie to keep a proxied connection alive. This value limits the size of the proxy connection table. | 3 | 60 | 15 |
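The Threshold row of the synflood table, worked through over sample traffic. This is an added example, not code from the Fortinet manual and not the FortiGate unit's own logic. The names validate and flagged_seconds, the one-second bucketing, the "two or more distinct ports" test for the quadrupled threshold, and the strict "greater than" comparison are assumptions made for illustration.

```python
from collections import defaultdict

# Ranges and defaults from the synflood values table: (min, max, default)
LIMITS = {"threshold": (30, 3000, 200),
          "queue_size": (10, 10240, 1024),
          "timeout": (3, 60, 15)}

def validate(settings):
    """Fill in table defaults and reject values outside the documented range."""
    out = {}
    for name, (lo, hi, default) in LIMITS.items():
        value = settings.get(name, default)
        if not lo <= value <= hi:
            raise ValueError(f"{name}={value} outside {lo}..{hi}")
        out[name] = value
    return out

def flagged_seconds(syns, threshold, multi_port_min=2):
    """syns: iterable of (timestamp_seconds, dst_ip, dst_port), one per SYN.
    Returns sorted (second, dst_ip, syn_count, effective_threshold) tuples for
    each one-second bucket whose SYN count is above the effective threshold.
    Assumption: a bucket touching >= multi_port_min distinct ports is treated
    as spread across ports and gets the 4x threshold; the manual does not say
    how the unit tells the two cases apart."""
    buckets = defaultdict(lambda: [0, set()])
    for ts, dst, port in syns:
        bucket = buckets[(int(ts), dst)]
        bucket[0] += 1
        bucket[1].add(port)
    hits = []
    for (sec, dst), (count, ports) in buckets.items():
        limit = threshold * 4 if len(ports) >= multi_port_min else threshold
        if count > limit:
            hits.append((sec, dst, count, limit))
    return sorted(hits)

# Constructed sample traffic (not a real capture).
SAMPLE = (
    [(10.0 + i / 400, "192.0.2.10", 80) for i in range(250)]               # 250 SYN/s, one port
    + [(11.0 + i / 1000, "192.0.2.10", 1 + i % 500) for i in range(600)]   # 600 SYN/s, many ports
    + [(12.0 + i / 2000, "192.0.2.20", 1 + i % 1000) for i in range(900)]  # 900 SYN/s, many ports
)

if __name__ == "__main__":
    cfg = validate({"threshold": 200})
    for hit in flagged_seconds(SAMPLE, cfg["threshold"]):
        print(hit)
```

With the default Threshold of 200, the 600 SYN/s burst spread over many ports stays under the quadrupled limit of 800 and is not flagged, while the 250 SYN/s burst at a single port is.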
Note: For information about log message content and formats, and about log locations, see the Logging Configuration and Reference Guide.