Intrusion Protection About intrusion protection
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 531
http://docs.fortinet.com/ • Feedback
Intrusion Protection
The FortiGate Intrusion Protection system combines signature and anomaly detection and
prevention with low latency and excellent reliability. With intrusion Protection, you can
create multiple IPS sensors, each containing a complete configuration based on
signatures. Then, you can apply any IPS sensor to each protection profile. You can also
create DoS sensors to examine traffic for anomaly-based attacks.
This section describes how to configure the FortiGate Intrusion Protection settings. For
more information about Intrusion Protection, see the FortiGate UTM User Guide.
If you enable virtual domains (VDOMs) on the FortiGate unit, intrusion protection is
configured separately for each virtual domain. For details, see “Using virtual domains” on
page 159.
This section describes:
• About intrusion protection
• Signatures
• Custom signatures
• Protocol decoders
• IPS sensors
• DoS sensors
• Intrusion protection CLI configuration
About intrusion protection
The FortiGate unit can log suspicious traffic, send alert email messages to system
administrators, and log, pass, or block suspicious packets or sessions. You can adjust the
DoS sensor anomaly thresholds to work best with the normal traffic on the protected
networks. You can also create custom signatures to tailor the FortiGate Intrusion
Protection system to your network environment.
The FortiGate Intrusion Protection system matches network traffic against patterns
contained in attack signatures. Attack signatures reliably protect your network from known
attacks. Fortinet’s FortiGuard infrastructure ensures the rapid identification of new threats
and the development of new attack signatures.
FortiGuard services provide automatic updates of virus and intrusion protection (attack)
engines and definitions to FortiGate customers through the FortiGuard Distribution
Network (FDN). The FortiGuard Center also provides the FortiGuard virus and attack
encyclopedia and the FortiGuard Bulletin. Visit the Fortinet Knowledge Center for details
and a link to the FortiGuard Center.
For more information about configuring the connection between the FortiGate unit and
FortiGuard see “Configuring the FortiGate unit for FDN and FortiGuard subscription
services” on page 323.
To Next Page
Loading...
Need help?
General
