IPS extensions
What’s new in FortiOS 4.0
FortiGate Version 4.0 Administration Guide
32
01-400-89802-20090424
Adding IPS sensors to a DoS policy from the CLI
You can now add an IPS sensor to a DoS policy from the CLI. The CLI command for configuring DoS policies is config firewall interface-policy. The following command syntax shows how to add an example IPS sensor called all_default_pass to a DoS policy with policy ID 5 that was previously added from the web-based manager.
config firewall interface-policy
    edit 5
        set ips-sensor-status enable
        set ips-sensor all_default_pass
    end
One-arm IDS (sniffer mode)
Using the one-arm intrusion detection system (IDS), you can now configure a FortiGate unit to operate as an IDS appliance by sniffing packets for attacks without actually receiving and otherwise processing the packets.

To configure one-arm IDS, you enable sniffer mode on a FortiGate interface and connect that interface to a hub or to the SPAN port of a switch that is processing network traffic. Then you can add DoS policies for that FortiGate interface that include DoS sensors and optionally IPS sensors to detect attacks in the traffic that the FortiGate interface receives from the hub or switch SPAN port.

In sniffer mode, the interface receives only packets accepted by DoS policies. All packets not received by DoS policies are dropped. All packets received by DoS policies go through IPS inspection and are dropped when this inspection detects attacks.

One-arm IDS cannot block traffic. However, if you enable logging in the DoS and IPS sensors, the FortiGate unit records log messages for all detected attacks.
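The following Python model is an added illustration, not Fortinet code and not a description of FortiOS internals. It reproduces the behaviour the two sections above describe: a DoS policy on a sniffer interface may carry an IPS sensor (the ips-sensor-status / ips-sensor pair), packets matched by no DoS policy are dropped unseen, matched packets are checked by the DoS sensor and, where enabled, the IPS sensor, and detections only ever produce log records because nothing is forwarded or blocked. The policy fields, the single-window SYN-flood threshold, the sensor table and the sample packets are all constructed assumptions; the sensor name all_default_pass and policy ID 5 come from the page.

```python
"""Model of FortiOS one-arm IDS (sniffer mode) packet handling as described in
the administration guide text. Added example; not Fortinet code."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    interface: str
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int
    syn: bool = False   # TCP SYN without ACK
    payload: bytes = b""


@dataclass
class DoSPolicy:
    policy_id: int
    interface: str
    dstaddr: str                     # destination CIDR the policy covers
    services: frozenset              # {(proto, dport), ...}
    syn_flood_threshold: int         # DoS sensor threshold (assumed: SYNs per source per sample)
    ips_sensor: Optional[str] = None  # "set ips-sensor <name>"
    ips_sensor_status: bool = False  # "set ips-sensor-status enable"


# Constructed IPS sensor table: sensor name -> [(signature id, byte pattern)].
# The pattern and signature id are placeholders, not real FortiGuard signatures.
IPS_SENSORS = {
    "all_default_pass": [("EXAMPLE.Probe.Marker", b"EXAMPLE-PROBE")],
}


def first_match(policies, pkt):
    """DoS policies are evaluated top-down; the first matching policy wins."""
    for pol in policies:
        if (pkt.interface == pol.interface
                and ip_address(pkt.dst) in ip_network(pol.dstaddr)
                and (pkt.proto, pkt.dport) in pol.services):
            return pol
    return None


def run_sniffer(policies, packets):
    """Process captured packets the way the text describes sniffer mode.

    Returns (counters, log records). There is deliberately no 'forwarded' or
    'blocked' outcome: a sniffer interface only drops, and only logs."""
    stats = Counter()
    logs = []
    syn_counts = defaultdict(int)   # (policy id, src) -> SYNs seen in this sample
    for pkt in packets:
        pol = first_match(policies, pkt)
        if pol is None:
            stats["dropped_no_policy"] += 1   # not received by any DoS policy: never inspected
            continue
        stats["inspected"] += 1
        # DoS sensor: log once when a source reaches the SYN threshold on this policy.
        if pkt.proto == "tcp" and pkt.syn:
            key = (pol.policy_id, pkt.src)
            syn_counts[key] += 1
            if syn_counts[key] == pol.syn_flood_threshold:
                logs.append({"type": "anomaly", "policy": pol.policy_id,
                             "src": pkt.src, "anomaly": "tcp_syn_flood"})
        # IPS sensor runs only if one is attached to the policy and enabled.
        if pol.ips_sensor_status and pol.ips_sensor:
            for sig_id, pattern in IPS_SENSORS.get(pol.ips_sensor, []):
                if pattern in pkt.payload:
                    logs.append({"type": "signature", "policy": pol.policy_id,
                                 "src": pkt.src, "signature": sig_id})
        # Sniffer mode cannot block: every inspected packet is discarded afterwards.
        stats["discarded_after_inspection"] += 1
    return stats, logs


def sample_run():
    """Constructed policies and traffic for the sniffer interface port5."""
    policies = [
        DoSPolicy(5, "port5", "192.0.2.0/24", frozenset({("tcp", 80), ("tcp", 443)}),
                  syn_flood_threshold=3, ips_sensor="all_default_pass", ips_sensor_status=True),
        DoSPolicy(6, "port5", "192.0.2.0/24", frozenset({("udp", 53)}),
                  syn_flood_threshold=3),   # no IPS sensor attached
    ]
    packets = [
        # three SYNs from one source to the web server: reaches the DoS threshold
        *(Packet("port5", "198.51.100.7", "192.0.2.10", "tcp", 80, syn=True) for _ in range(3)),
        # payload containing the constructed pattern, on a policy with IPS enabled
        Packet("port5", "198.51.100.8", "192.0.2.10", "tcp", 80, payload=b"GET / EXAMPLE-PROBE"),
        # same pattern to DNS: policy 6 matches but carries no IPS sensor, so no signature log
        Packet("port5", "198.51.100.8", "192.0.2.10", "udp", 53, payload=b"EXAMPLE-PROBE"),
        # SSH to the same host: no DoS policy covers it, dropped before any inspection
        Packet("port5", "198.51.100.9", "192.0.2.10", "tcp", 22, syn=True),
        # traffic arriving on another interface: the port5 policies do not apply
        Packet("port1", "198.51.100.9", "192.0.2.10", "tcp", 80, syn=True),
    ]
    return run_sniffer(policies, packets)


if __name__ == "__main__":
    stats, logs = sample_run()
    print(dict(stats))
    for record in logs:
        print(record)
```

The model makes the operational caveat of sniffer mode explicit: only traffic that some DoS policy on the sniffer interface accepts is ever inspected, so a port or destination with no covering policy (the SSH packet above) is a blind spot rather than a detection, and an accepted policy without ips-sensor-status enabled yields DoS anomaly logs only.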
Figure 1: One-arm IDS topology (diagram not reproduced; labelled elements: Internet, hub or switch SPAN port, FortiGate sniffer interface, internal network)

To enable sniffer mode on a FortiGate unit port5 interface, enter the following CLI commands:

config system interface
    edit port5