278
01-28007-0068-20041203
Fortinet Inc.
Predefined
IPS
This chapter describes:
•
Signature
•
Anomaly
•
Configuring IPS logging and alert email
•
Default fail open setting
Signature
The FortiGate IPS matches network traffic against patterns contained in attack
signatures. Attack signatures reliably protect your network from known attacks.
Fortinet’s FortiProtect infrastructure ensures the rapid identification of new threats and
the development of new attack signatures.
You can configure the FortiGate unit to automatically check for and download an
updated attack definition file containing the latest signatures, or you can manually
download the updated attack definition file. You can also configure the FortiGate unit
to allow push updates of updated attack definition files as soon as they are available
from the FortiProtect Distribution Network. For details, see
“Update center” on
page 118
.
When the FortiGate unit installs an updated attack definition file, it checks to see if the
default configuration for any existing signatures has changed. If the default
configuration has changed, the changes are preserved.
In addition to an extensive list of predefined attack signatures, you can also create
your own custom attack signatures for the FortiGate unit. See
“Adding custom
signatures” on page 283
.
Predefined
Predefined signatures are arranged into groups based on the type of attack. By
default, all signature groups are enabled while some signatures within groups are not.
Check the default settings to ensure they meet the requirements of your network
traffic.
You can enable or disable signature groups or individual signatures. Disabling
unneeded signatures can improve system performance and reduce the number of log
messages and alert emails that the IPS generates. For example, the IPS detects a
large number of web server attacks. If you do not provide access to a web server
behind your FortiGate unit, you can disable all web server attack signatures.
Some signature groups include configurable parameters. The parameters that are
available depend on the type of signatures in the signature group. When you
configure these parameters for a signature group, the parameters apply to all of the
signatures in the group.
For each signature, you can configure the action the FortiGate IPS takes when it
detects an attack. The FortiGate IPS can pass, drop, reset or clear packets or
sessions.
You can also enable or disable logging of the attack.
Содержание FortiGate 100A
Страница 12: ...Contents 12 01 28007 0068 20041203 Fortinet Inc ...
Страница 24: ...24 01 28007 0068 20041203 Fortinet Inc FortiLog documentation Introduction ...
Страница 46: ...46 01 28007 0068 20041203 Fortinet Inc Installing and using a backup firmware image System status ...
Страница 72: ...72 01 28007 0068 20041203 Fortinet Inc Transparent mode VLAN settings System network ...
Страница 80: ...80 01 28007 0068 20041203 Fortinet Inc DHCP IP MAC binding settings System DHCP ...
Страница 114: ...114 01 28007 0068 20041203 Fortinet Inc Access profile options System administration ...
Страница 232: ...232 01 28007 0068 20041203 Fortinet Inc Profile CLI configuration Firewall ...
Страница 244: ...244 01 28007 0068 20041203 Fortinet Inc peergrp Users and authentication ...
Страница 276: ...276 01 28007 0068 20041203 Fortinet Inc ipsec vip VPN ...
Страница 338: ...338 01 28007 0068 20041203 Fortinet Inc Configuring the banned word list Spam filter ...
Страница 356: ...356 01 28007 0068 20041203 Fortinet Inc syslogd setting Log Report ...
Страница 374: ...374 01 28007 0068 20041203 Fortinet Inc Index ...