FortiGate Version 3.0 MR4 Administration Guide
356 01-30004-0203-20070102
Protocol Decoders Intrusion Protection
Protocol Decoders
The FortiGate IPS uses anomaly detection to identify network traffic that attempts
to take advantage of known exploits.
Viewing the protocol decoder list
To view the decoder list, go to Intrusion Protection > Signature > Protocol
Decoder.
Figure 234:Portion of the protocol decoder list
Name Enter a name for the custom signature.
Signature Enter the custom signature. For more information about custom
signature syntax, see “Custom signature syntax” in the FortiGate
Intrusion Protection System (IPS) Guide.
Action Select an action from the list. Action can be Pass, Drop, Reset, Reset
Client, Reset Server, Drop Session, Pass Session, or Clear Session.
See Table 36 for descriptions of the actions.
Packet Log Enable packet logging.
Severity Select a severity level from the dropdown list. Severity level can be
Information, Low, Medium, High, or Critical. Severity level is set for
individual signatures.
Note: If virtual domains are enabled on the FortiGate unit, the IPS is configured globally. To
access the IPS, select Global Configuration on the main menu.
Name The protocol decoder name.
Ports The port number or numbers the decoder monitors.
Configure icon Click to modify the signature attributes. By default, you cannot modify
settings of some decoders, because they are used by the system.