Using one-arm sniffer policies to detect network attacks Firewall Policy
FortiGate Version 4.0 MR1 Administration Guide
408 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
If virtual domains are enabled on the FortiGate unit, sniffer policies are configured
separately for each virtual domain; you must access the VDOM before you can configure
its policies. To access a VDOM, go to System > VDOM, and in the row corresponding to
the VDOM whose policies you want to configure, select Enter.
You can add, delete, edit, and re-order policies in the sniffer policy list. Sniffer policy order
affects policy matching. As with firewall policies and DoS policies, sniffer policies are
checked against traffic in the order in which they appear in the sniffer policy list, one at a
time, from top to bottom. When a matching policy is discovered, it is used and further
checking for sniffer policy matches is stopped. If no match is found, the packet is
dropped.
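The first-match ordering described above means a broad policy placed higher in the list can hide a narrower one below it, so the narrower policy's IPS sensor is never applied. The following is an added example, not taken from the Fortinet guide or from FortiOS: it models the list with CIDR addresses and port ranges (a simplifying assumption), uses constructed policies and sensor names, and reports policies that can never match because of their position.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class SnifferPolicy:
    id: int
    source: str        # CIDR (assumed model of an address object)
    destination: str   # CIDR
    service: tuple     # (protocol, low port, high port)
    ips_sensor: str

    def matches(self, src, dst, proto, port):
        p, lo, hi = self.service
        return (ip_address(src) in ip_network(self.source)
                and ip_address(dst) in ip_network(self.destination)
                and p == proto and lo <= port <= hi)

    def covers(self, other):
        """True if every packet matching `other` also matches this policy."""
        p, lo, hi = self.service
        op, olo, ohi = other.service
        return (ip_network(other.source).subnet_of(ip_network(self.source))
                and ip_network(other.destination).subnet_of(ip_network(self.destination))
                and p == op and lo <= olo and ohi <= hi)

def first_match(policies, src, dst, proto, port):
    """Top-to-bottom evaluation: the first matching policy is used, checking stops."""
    for pol in policies:
        if pol.matches(src, dst, proto, port):
            return pol
    return None  # no policy matched

def shadowed(policies):
    """Return (hidden_id, hiding_id) for each policy fully covered by an earlier one."""
    out = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if earlier.covers(later):
                out.append((later.id, earlier.id))
                break
    return out

# Constructed sample list, given in list order (top to bottom).
POLICIES = [
    SnifferPolicy(1, "0.0.0.0/0", "10.0.0.0/8", ("tcp", 1, 65535), "sensor_general"),
    SnifferPolicy(2, "0.0.0.0/0", "10.1.1.0/24", ("tcp", 80, 80), "sensor_web"),
    SnifferPolicy(3, "0.0.0.0/0", "10.0.0.0/8", ("udp", 53, 53), "sensor_dns"),
]
```

With this list, `shadowed(POLICIES)` reports that policy 2 is hidden by policy 1; moving policy 2 above policy 1 lets web traffic to 10.1.1.0/24 reach `sensor_web`.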
To view the sniffer policy list, go to Firewall > Policy > Sniffer Policy.
Figure 219: The Sniffer policy list
Create New         Add a new sniffer policy. Select the down arrow beside Create New to
                   add a new section to the list to visually group the policies.
Column Settings    Customize the table view. You can select the columns to hide or
                   display and specify the order in which the columns are displayed
                   in the table. See “Using column settings to control the columns
                   displayed” on page 103.
Section View       Select to display firewall policies organized by interface.
Global View        Select to list all firewall policies in order according to a sequence
                   number.
Filter icon        Edit column filters to filter or sort the policy list according to the
                   criteria you specify. For more information, see “Adding filters to
                   web-based manager lists” on page 99.
Status             When selected, the DoS policy is enabled. Clear the checkbox to
                   disable the policy. See “Enabling and disabling policies” on page 389.
ID                 A unique identifier for each policy. Policies are numbered in the order
                   they are created.
Source             The source address or address group to which the policy applies. For
                   more information, see “Firewall Address” on page 421.
Destination        The destination address or address group to which the policy applies.
                   For more information, see “Firewall Address” on page 421.
Service            The service to which the policy applies. For more information, see
                   “Firewall Service” on page 427.
DoS                The DoS sensor selected in this policy.
Sensor             The IPS sensor selected in this policy.
Figure 219 callouts: Delete, Edit, Move To, Insert Policy before, Filter, Enable or Disable a Policy.