Signatures
Intrusion Protection
FortiGate Version 4.0 Administration Guide
458
01-400-89802-20090424
Using display filters
By default, all the predefined signatures are displayed. You can apply filters to display only
the signatures you want to view. For example, if you want to view only the Windows
signatures, you can use the OS status filter. For more information, see
web-based manager lists” on page 53
To apply filters to the predefined signature list
1
Go to
UTM > Intrusion Protection > Predefined
.
2
Select the filter icon beside any column name in the signature table.
3
In
Edit Filters
, specify the filtering criteria. The criteria will vary depending on the
column name.
4
Select the
Enable
check box.
5
Select
OK
.
Clear All Filters
If you have applied filtering to the predefined signature list display, select this
option to clear all filters and display all the signatures.
Filter icons
Edit the column filters to filter or sort the predefined signature list according to
the criteria you specify. For more information, see
.
Name
The name of the signature. Each name is also a link to the description of the
signature in the
FortiGuard Center Vulnerability Encyclopedia
Severity
The severity rating of the signature. The severity levels, from lowest to highest,
are Information, Low, Medium, High, and Critical.
Target
The target of the signature: servers, clients, or both.
Protocols
The protocol the signature applies to.
OS
The operating system the signature applies to.
Applications
The applications the signature applies to.
Enable
The default status of the signature. A green circle indicates the signature is
enabled. A gray circle indicates the signature is not enabled.
Action
The default action for the signature:
Pass
— allows the traffic to continue without any modification.
Drop
— prevents the traffic with detected signatures from reaching its
destination.
If Logging is enabled, the action appears in the status field of the log message
generated by the signature.
ID
A unique numeric identifier for the signature.
Logging
The default logging behavior of the signature. A green circle indicates logging is
enabled. A gray circle indicates logging is disabled.
Group
A functional group that is assigned to that signature. This group is only for
reference and cannot be used to define filters.
Packet Log
The default packet log status of the signature. A green circle indicates that the
packet log is enabled. A gray circle indicates that the packet log is not enabled.
Revision
The revision level of the signature. If the signature is updated, the revision
number will be incremented.
Tip:
To determine what effect IPS protection would have on your network traffic, you can
enable the required signatures, set the action to pass, and enable logging. Traffic will not be
interrupted, but you will be able to examine in detail which signatures were detected.
Содержание Gate 60D
Страница 678: ...Reports Log Report FortiGate Version 4 0 Administration Guide 678 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 704: ...Index FortiGate Version 4 0 Administration Guide 704 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 705: ...www fortinet com...
Страница 706: ...www fortinet com...