IPS sensors Intrusion Protection
FortiGate Version 4.0 MR1 Administration Guide
538 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Adding an IPS sensor
An IPS sensor must be created before it can be configured by adding filters and overrides.
To create an IPS sensor, go to UTM > Intrusion Protection > IPS Sensor and select
Create New.
Figure 319: New IPS sensor
Configuring IPS sensors
Each IPS sensor consists of two parts: filters and overrides. Overrides are always
checked before filters.
Each filter consists of a number of signatures attributes. All of the signatures with those
attributes, and only those attributes, are checked against traffic when the filter is run. If
multiple filters are defined in an IPS Sensor, they are checked against the traffic one at a
time, from top to bottom. If a match is found, the FortiGate unit takes the appropriate
action and stops further checking.
A signature override can modify the behavior of a signature specified in a filter. A signature
override can also add a signature not specified in the sensor’s filters. Custom signatures
are included in an IPS sensor using overrides.
The signatures in the overrides are first compared to network traffic. If the IPS sensor
does not find any matches, it then compares the signatures in each filter to network traffic,
one filter at a time, from top to bottom. If no signature matches are found, the IPS sensor
allows the network traffic.
To view an IPS sensor, go to UTM > Intrusion Protection > IPS Sensor and select the Edit
icon of any IPS sensor. The Edit IPS Sensor window is divided into three parts: the sensor
attributes, Filters, and Overrides.
protect_email_server Includes only the signatures designed to detect attacks against
servers and the SMTP, POP3, or IMAP protocols; uses the default
enable status and action of each signature.
protect_http_server Includes only the signatures designed to detect attacks against
servers and the HTTP protocol; uses the default enable status and
action of each signature.
Name Enter the name of the new IPS sensor.
Comment Enter an optional comment to display in the IPS sensor list.
To Next Page
Loading...
Need help?
General
