FortiGate Version 3.0 MR4 Administration Guide
350 01-30004-0203-20070102
About intrusion protection Intrusion Protection
Create custom attack signatures for the FortiGate unit to use in addition to an
extensive list of predefined attack signatures.
Whenever the IPS detects or prevents an attack, it generates an attack message.
Configure the FortiGate unit to add the message to the attack log and send an
alert email to administrators. Configure how often the FortiGate unit sends alert
email. Reduce the number of log messages and alerts by disabling signatures for
attacks to which the system is not vulnerable, for example, web attacks when
there is no web server running.
Packet logging provides administrators with the ability to analyze packets for
forensics and false positive detection.
For more information about FortiGate logging and alert email, see “Log&Report”
on page 407.
IPS settings and controls
Configure the IPS using either the web-based manager or the CLI, then enable or
disable all signatures or all anomalies in individual firewall protection profiles.
Table 35 describes the IPS settings and where to configure and access them.
To access protection profile IPS options, go to Firewall > Protection Profile,
select Edit or Create New, and select IPS.
When to use IPS
IPS is best for large networks or for networks protecting highly sensitive
information. Using IPS effectively requires monitoring and analysis of the attack
logs to determine the nature and threat level of an attack. An administrator can
adjust the threshold levels to ensure a balance between performance and
intrusion prevention. Small businesses and home offices without network
Note: If virtual domains are enabled on the FortiGate unit, the IPS is configured globally. To
access the IPS, select Global Configuration on the main menu.
Table 35: Protection Profile IPS and IPS configuration
Protection Profile IPS options IPS setting
IPS Signature Intrusion Protection > Signature
Enable or disable IPS signatures by
severity level.
View and configure a list of predefined
signatures.
Create custom signatures based on the
network requirements.
Configure protocol decoders.
IPS Anomaly Intrusion Protection > Anomaly
Enable or disable IPS anomalies by
severity level.
View and configure a list of predefined
anomalies.
Log Intrusions Intrusion Protection > Anomaly > [individual
anomaly]
Enable logging of all signature and
anomaly intrusions.
Enable logging for each signature.
Enable packet logging for each signature or
anomaly.
To Next Page
Loading...
Need help?
General