IPS sensors
Intrusion Protection
FortiGate Version 4.0 Administration Guide
466
01-400-89802-20090424
•
To add an individual signature, not included in any filters, to an IPS sensor. This is the
only way to add custom signatures to IPS sensors.
When a pre-defined signature is specified in an override, the default status and action
attributes have no effect. These settings must be explicitly set when creating the override.
To edit a pre-defined or custom override, go to
UTM > Intrusion Protection > IPS Sensor
and select the
Edit
icon of the IPS sensor containing the override you want to edit. When
the sensor window opens, select the
Edit
icon of the override you want to change.
Figure 299: Configure IPS override
Note:
Before an override can affect network traffic, you must add it to a filter, and you must
select the filter in a protection profile applied to a policy. An override does not have the
ability to affect network traffic until these steps are taken.
Signature
Select the browse icon to view the list of available signatures. From this list,
select a signature the override will apply to and then select
OK
.
Enable
Select to enable the signature override.
Action
Select
Pass
,
Block
or
Reset
. When the override is enabled, the action
determines what the FortiGate will do with traffic containing the specified
signature.
Logging
Select to enable creation of a log entry if the signature is discovered in
network traffic.
Packet Log
Select to save packets that trigger the override to the FortiGate hard drive for
later examination.
Quarantine
Attackers (to
Banned Users List)
Select to enable NAC quarantine for this override. For more information
about NAC quarantine, see
“NAC quarantine and the Banned User list” on
The FortiGate unit deals with the attack according to the IPS sensor or DoS
sensor configuration regardless of this setting.
Содержание Gate 60D
Страница 678: ...Reports Log Report FortiGate Version 4 0 Administration Guide 678 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 704: ...Index FortiGate Version 4 0 Administration Guide 704 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 705: ...www fortinet com...
Страница 706: ...www fortinet com...