Intrusion Protection About intrusion protection
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 349
Intrusion Protection
The FortiGuard Intrusion Prevention System (IPS) combines signature and
anomaly intrusion detection and prevention with low latency and excellent
reliability. IPS provides configuration access to the IPS options enabled when
creating a firewall protection profile.
This section describes how to configure the FortiGate IPS settings. For detailed
information about IPS, see the FortiGate Intrusion Protection System (IPS) Guide.
The following topics are included in this section:
• About intrusion protection
• Predefined signatures
• Custom signatures
• Protocol Decoders
• Anomalies
• IPS CLI configuration
About intrusion protection
The FortiGate unit can record suspicious traffic in logs, send alert email to
system administrators, and log, pass, drop, reset, or clear suspicious packets
or sessions. Some IPS anomaly thresholds can be adjusted to suit the normal
traffic on the protected networks, and custom signatures can be created to
tailor the FortiGate IPS to diverse network environments.
The FortiGate IPS matches network traffic against patterns contained in attack
signatures. Attack signatures reliably protect your network from known attacks.
Fortinet’s FortiGuard infrastructure ensures the rapid identification of new threats
and the development of new attack signatures.
FortiGuard services are a valuable customer resource and include automatic
updates of virus and IPS (attack) engines and definitions through the FortiGuard
Distribution Network (FDN). The FortiGuard Center also provides the FortiGuard
virus and attack encyclopedia and the FortiGuard Bulletin. Visit the Fortinet
Knowledge Center for details and a link to the FortiGuard Center.
The connection between the FortiGate unit and FortiGuard is configured in
System > Maintenance > FortiGuard Center. See “Configuring the FortiGate
unit for FDN and FortiGuard services” on page 162 for more information.
Configure the FortiGate unit to check automatically for and download updated
attack definition files containing the latest signatures, or download the updated
attack definition file manually. Alternately, configure the FortiGate unit to allow
push updates of updated attack definition files as soon as they are available from
the FortiGuard Distribution Network.
When the FortiGate unit installs an updated attack definition file, it checks
whether the configuration of any existing signature has been changed from its
default. Any such changes are preserved.
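The three behaviours this section describes (signature matching with a per-signature action, an adjustable anomaly threshold, and a definition update that preserves signatures whose settings an administrator changed from the default) can be modelled in a few dozen lines. The following Python is an added illustration for this guide, not FortiGate or FortiGuard code, and it makes no claim about how the FortiGate IPS engine is implemented. Every signature ID, pattern, packet payload, timestamp and the severity ordering used to pick a verdict are constructed for the example; real signature content comes from the FortiGuard Distribution Network.

```python
import re
from collections import deque
from dataclasses import dataclass, replace

# Per-signature actions the guide lists for suspicious packets or sessions.
ACTIONS = {"pass", "drop", "reset", "clear"}
# Ranking used only to choose one verdict when several signatures fire.
# This ordering is an assumption of the model, not a FortiGate rule.
SEVERITY = {"pass": 0, "clear": 1, "reset": 2, "drop": 3}


@dataclass(frozen=True)
class Signature:
    sid: str          # constructed ID, not a FortiGuard signature number
    pattern: str      # regular expression applied to the payload
    action: str = "pass"
    log: bool = True
    enabled: bool = True


def inspect_payload(payload, signatures):
    """Match one payload against every enabled signature.

    Returns (verdict, events). verdict is the highest-severity action among
    the signatures that fired, or "pass" when none did; events lists
    (sid, action, logged) tuples, i.e. what would reach the attack log.
    """
    verdict, events = "pass", []
    for sig in signatures.values():
        if not sig.enabled or sig.action not in ACTIONS:
            continue
        if re.search(sig.pattern, payload):
            events.append((sig.sid, sig.action, sig.log))
            if SEVERITY[sig.action] > SEVERITY[verdict]:
                verdict = sig.action
    return verdict, events


class RateAnomaly:
    """Per-source rate anomaly with an adjustable threshold.

    observe() returns True when one source has sent more than `threshold`
    packets inside the last `window` time units (a sliding window).
    """

    def __init__(self, threshold, window):
        self.threshold, self.window = threshold, window
        self.seen = {}  # src -> deque of packet timestamps

    def observe(self, src, ts):
        q = self.seen.setdefault(src, deque())
        q.append(ts)
        while q and ts - q[0] >= self.window:   # drop timestamps outside window
            q.popleft()
        return len(q) > self.threshold


def apply_definition_update(old_defaults, active, new_defaults):
    """Install a new definition file while keeping administrator changes.

    A signature whose active action/log/enabled settings differ from its old
    default was tuned by the administrator: those settings are kept and only
    the pattern is taken from the new file. Untouched signatures take the new
    defaults. Signatures absent from the new file are removed (an assumption
    of this model; the guide does not say).
    """
    merged = {}
    for sid, new_sig in new_defaults.items():
        cur, old = active.get(sid), old_defaults.get(sid)
        tuned = (cur is not None and old is not None and
                 (cur.action, cur.log, cur.enabled) != (old.action, old.log, old.enabled))
        merged[sid] = (replace(new_sig, action=cur.action, log=cur.log, enabled=cur.enabled)
                       if tuned else new_sig)
    return merged


# Constructed definition file v1, the administrator's tuned copy, and file v2.
DEFAULTS_V1 = {
    "SIG-1": Signature("SIG-1", r"\.\./\.\./", "drop"),
    "SIG-2": Signature("SIG-2", r"(?i)user-agent: scanner-x", "pass"),
}
ACTIVE_V1 = dict(DEFAULTS_V1)
ACTIVE_V1["SIG-2"] = replace(DEFAULTS_V1["SIG-2"], action="reset")  # admin change
DEFAULTS_V2 = {
    "SIG-1": Signature("SIG-1", r"(\.\./){2,}", "drop"),           # updated pattern
    "SIG-2": Signature("SIG-2", r"(?i)user-agent: scanner-x", "drop"),  # new default
    "SIG-3": Signature("SIG-3", r"(?i)union\s+select", "drop"),     # new signature
}


def demo():
    """Run the update, then inspect two constructed payloads and a burst."""
    merged = apply_definition_update(DEFAULTS_V1, ACTIVE_V1, DEFAULTS_V2)
    det = RateAnomaly(threshold=3, window=1.0)
    burst = [det.observe("10.0.0.5", t) for t in (0.0, 0.1, 0.2, 0.3, 1.5)]
    return {
        "sig2_action": merged["SIG-2"].action,          # "reset": admin change kept
        "sig1_pattern": merged["SIG-1"].pattern,        # pattern from v2
        "traversal": inspect_payload("GET /../../etc/passwd", merged),
        "scanner": inspect_payload("User-Agent: Scanner-X", merged),
        "burst": burst,                                 # 4th packet trips threshold
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The update merge is the point most worth checking in a real deployment: after an automatic or push update, review any signature whose action you changed from the default to confirm the change survived, and any newly added signature whose default action is not what your protection profile expects.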