Intrusion Protection IPS CLI configuration
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 359
IPS CLI configuration
This section describes the CLI commands that extend features available through the
web-based manager. For complete descriptions and examples of how to enable
additional features through CLI commands, see the FortiGate CLI Reference.
system autoupdate ips
When the IPS is updated, user-modified settings are retained. If the recommended IPS
signature settings have not been modified and the updated settings are different,
the signature settings are set according to the accept-recommended-settings setting.
ips global fail-open
If the IPS ceases to function for any reason, it fails open by default. This
means crucial network traffic will not be blocked, and the firewall will continue to
operate while the problem is being resolved. Traffic that passes while the IPS is
not functioning is not inspected by the IPS.
ips global ip_protocol
Save system resources by restricting IPS processing to only those services allowed
by firewall policies.
ips global socket-size
Set the size of the IPS buffer.
(config ips anomaly) config limit
Access the config limit subcommand using the config ips anomaly
<name_str> command. Use this command for session control based on source and
destination network address. This command is available for tcp_src_session,
tcp_dst_session, icmp_src_session, icmp_dst_session,
udp_src_session, and udp_dst_session.
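The following added example, which is not taken from the guide, shows how per-network session limits could be entered for one source network and one destination server. The entry names, addresses, and threshold values are constructed, and the ipaddress and threshold keywords are assumed from the FortiOS 3.0 CLI; confirm them against the FortiGate CLI Reference before use.

```fortios
# Constructed example: entry names, addresses and thresholds are placeholders.
# Keywords under "config limit" are assumed; check the FortiGate CLI Reference.

# Limit concurrent TCP sessions originating from one source network.
config ips anomaly tcp_src_session
    config limit
        edit "branch-office"
            set ipaddress 192.0.2.0 255.255.255.0
            set threshold 300
        next
    end
end

# Limit concurrent TCP sessions destined for a single server.
config ips anomaly tcp_dst_session
    config limit
        edit "web-server"
            set ipaddress 198.51.100.10 255.255.255.255
            set threshold 1000
        next
    end
end
```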
Action: Select an action from the dropdown list: Pass, Drop, Reset, Reset Client, Reset
Server, Drop Session, Pass Session, Clear Session. See Table 36 for
descriptions of the actions.

Severity: Select a severity level from the dropdown list: Information, Low, Medium, High,
or Critical.

Threshold: For the IPS anomalies that include the threshold setting, traffic over the
specified threshold triggers the anomaly.