Intrusion Protection Predefined signatures
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 351
administrators may be overrun with attack log messages and not have the
networking background required to configure the thresholds and other IPS
settings. In addition, the other protection features in the FortiGate unit, such as
antivirus (including grayware), spam filters, and web filters offer excellent
protection for all networks.
Predefined signatures
By default, not all signatures are enabled. But logging of all signatures is enabled.
Check the default settings to ensure they meet the requirements of the network
traffic.
Disabling unneeded signatures can improve system performance and reduce the
number of log messages and alert email messages the IPS generates. For
example, the IPS detects a large number of web server attacks. If access to a web
server behind the FortiGate unit is not provided, disable all web server attack
signatures.
Viewing the predefined signature list
Enable or disable and configure the settings for individual predefined signatures
from the predefined signature list. The list can be viewed by signature severity
level.
To view the predefined signature list, go to Intrusion Protection > Signature >
Predefined.
Figure 230:Predefined signature list
Note: By allowing your IPS signature settings to run on default, you may be slowing down
the overall performance of the FortiGate unit. By fine tuning the predefined signature and
logging setting, you can ensure maximum performance as well as maximum protection.
See “Fine tuning IPS predefined signatures for enhanced system performance” on
page 353
Note: If virtual domains are enabled on the FortiGate unit, the IPS is configured globally. To
access the IPS, select Global Configuration on the main menu.
To Next Page
Loading...
Need help?
General