FortiGate Version 3.0 MR4 Administration Guide
358 01-30004-0203-20070102
Anomalies Intrusion Protection
Viewing the traffic anomaly list
To view the anomaly list, go to Intrusion Protection > Anomaly.
Figure 235:A portion of the traffic anomaly list
Configuring IPS traffic anomalies
Each IPS traffic anomaly is preset with a recommended configuration. Use the
recommended configurations, or modify the recommended configurations to meet
the needs of your network.
To configure IPS traffic anomalies, go to Intrusion Protection > Anomaly.
Figure 236:Edit IPS Traffic Anomaly: icmp_dst_session
View traffic
anomalies with
severity
Select filters then select Go to view only those anomalies that match the
filter criteria. Sort criteria can be <=, =, >= to All, Information, Low,
Medium, High, or Critical.
Name The traffic anomaly name.
Enable The status of the traffic anomaly. A check mark in the box indicates the
anomaly signature is enabled.
Logging The logging status for each traffic anomaly. A check mark in the box
indicates logging is enabled for the anomaly.
Action The action set for each traffic anomaly. Action can be Pass, Drop, Reset,
Reset Client, Reset Server, Drop Session, Clear Session, or Pass
Session. If logging is enabled, the action appears in the status field of the
log message generated by the Anomaly. See Table 36 for descriptions of
the actions.
Severity The severity level set for each traffic anomaly. Severity level can be
Information, Low, Medium, High, or Critical. Severity level is set for
individual anomalies.
Edit icon Select to edit the following information: Action, Severity, and Threshold.
Reset icon The Reset icon is displayed only if an anomaly has been modified. Use
the Reset icon to restore modified settings to the recommended values.
To Next Page
Loading...
