FortiGate IPS User Guide Version 3.0 MR7
10
01-30007-0080-20080916
Network performance
IPS overview and general configuration
To create an IPS sensor, go to
Intrusion Protection > IPS Sensor
. See
“IPS
sensors” on page 39
for details. To access the protection profile IPS sensor
selection, go to
Firewall > Protection Profile
, select Edit or Create New, and
select IPS.
To create a DoS Sensor, go to
Intrusion Protection > DoS Sensor
. See
“DoS
sensors” on page 45
for details.
When to use IPS
IPS is best for large networks or for networks protecting highly sensitive
information. Using IPS effectively requires monitoring and analysis of the attack
logs to determine the nature and threat level of an attack. An administrator can
adjust the threshold levels to ensure a balance between performance and
intrusion prevention. Small businesses and home offices without network
administrators may be overrun with attack log messages and not have the
networking background required to configure the thresholds and other IPS
settings. In addition, the other protection features in the FortiGate unit, such as
antivirus (including grayware), spam filters, and web filters offer excellent
protection for all networks.
Network performance
The FortiGate IPS is extremely accurate and reliable as an in-line network device.
Independent testing shows that the FortiGate IPS successfully detects and blocks
attacks even under high traffic loads, while keeping latency within expected limits.
This section describes:
•
Default signature and anomaly settings
•
Default fail open setting
•
Controlling sessions
•
Setting the buffer size
Default signature and anomaly settings
You can use IPS sensors to apply appropriate IPS signatures to different
protection profiles, then different firewall policies.
Default fail open setting
If for any reason the IPS should cease to function, it will fail open by default. This
means that crucial network traffic will not be blocked and the Firewall will continue
to operate while the problem is resolved.
Change the default fail open setting using the CLI:
config ips global
set fail-open [enable | disable]
end
Содержание FortiGate 3.0 MR7
Страница 1: ...www fortinet com FortiGate IPS User Guide Version 3 0 MR7 U S E R G U I D E...
Страница 50: ...FortiGate IPS User Guide Version 3 0 MR7 50 01 30007 0080 20080916 Understanding the anomalies DoS sensors...
Страница 60: ...FortiGate Version 3 0 MR7 IPS User Guide 60 01 30007 0080 20080916 Index T technical support 8...
Страница 61: ...www fortinet com...
Страница 62: ...www fortinet com...