What’s new in FortiOS 4.0
IPS extensions
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
IPS extensions
FortiOS 4.0 includes the following new IPS features:
• DoS policies for applying IPS sensors
• Adding IPS sensors to a DoS policy from the CLI
• IPS interface policies for IPv6
DoS policies for applying IPS sensors
In FortiOS 4.0, you can now apply IPS Denial of Service (DoS) sensors to traffic on
interfaces by creating DoS policies. DoS policies are independent from firewall policies
and are used to associate DoS sensors with traffic that reaches a FortiGate interface.
DoS policies deliver packets to the IPS before they are accepted by firewall policies. This
arrangement has the following benefits:
• Protection from denial of service attacks is more effective because these attacks can
  be detected and blocked before the firewall sees the packets, so system resources are
  not affected by denial of service attacks.
• All attacking traffic can be filtered out before being accepted by firewall policies.
• IPS can inspect traffic that is not normally processed by the firewall, including traffic
  that is:
    • normally dropped by the firewall (for example, packets with invalid headers)
    • using a protocol not normally processed by firewall policies (for example, flood,
      broadcast, and multicast traffic)
    • matched by a deny policy (deny policies do not include protection profiles)
    • not matched by any firewall policy.
For more information, see
NAC quarantine in DoS Sensors
From the FortiGate CLI you can now configure NAC quarantine for each anomaly in a DoS
Sensor. You can configure the anomaly to quarantine the source address of the attack
(attacker) or both the source and destination address of the attack (both).
config ips DoS
    edit new_DoS-sensor
        config anomaly
            edit "tcp_dst_session"
                set status enable
                set quarantine {attacker | both | none}
                set quarantine-expiry 600
                set threshold 5000
            next
        end
    next
end
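
To review these settings across a saved configuration, the following added example (not part of the Administration Guide or of any Fortinet tool) parses "config ips DoS" blocks and lists enabled anomalies that have no quarantine action. The sample configuration is constructed, and treating an unset quarantine value as none is an assumption of this example.

```python
import shlex

# Constructed sample in the layout of the CLI block above (not from a real device).
SAMPLE_CONFIG = '''
config ips DoS
    edit "new_DoS-sensor"
        config anomaly
            edit "tcp_dst_session"
                set status enable
                set quarantine attacker
                set quarantine-expiry 600
                set threshold 5000
            next
            edit "tcp_syn_flood"
                set status enable
                set threshold 2000
            next
            edit "udp_flood"
                set status disable
            next
        end
    next
end
'''

def parse_dos_sensors(text):
    """Return {sensor: {anomaly: {setting: value}}} for 'config ips DoS' blocks."""
    sensors, stack, sensor, anomaly = {}, [], None, None
    for raw in text.splitlines():
        tok = shlex.split(raw)          # handles quoted names such as "tcp_dst_session"
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and stack == ["ips DoS"]:
            sensor = tok[1]
            sensors[sensor] = {}
        elif tok[0] == "edit" and stack == ["ips DoS", "anomaly"]:
            anomaly = sensors[sensor].setdefault(tok[1], {})
        elif tok[0] == "set" and stack == ["ips DoS", "anomaly"] and anomaly is not None:
            anomaly[tok[1]] = " ".join(tok[2:])
    return sensors

def enabled_without_quarantine(sensors):
    """(sensor, anomaly) pairs that are enabled but have no quarantine action.
    Assumption of this example: a missing 'quarantine' line means none."""
    return [(s, a) for s, anomalies in sensors.items() for a, cfg in anomalies.items()
            if cfg.get("status") == "enable" and cfg.get("quarantine", "none") == "none"]
```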