Intrusion protection CLI configuration Intrusion Protection
FortiGate Version 4.0 MR1 Administration Guide
548 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Intrusion protection CLI configuration
This section describes the CLI commands that extend features available through the web-
based manager. For complete descriptions and examples of how to enable additional
features through CLI commands, see the FortiGate CLI Reference.
ips global fail-open
If for any reason the IPS should cease to function, it will fail open by default. This means
crucial network traffic will not be blocked, and the FortiGate unit will continue to operate
while the problem is being resolved.
ips global socket-size
Set the size of the IPS buffer.
Table 49: The twelve individually configurable anomalies
Anomaly Description
tcp_syn_flood If the SYN packet rate, including retransmission, to one destination IP
address exceeds the configured threshold value, the action is executed.
The threshold is expressed in packets per second.
tcp_port_scan If the SYN packets rate, including retransmission, from one source IP
address exceeds the configured threshold value, the action is executed.
The threshold is expressed in packets per second.
tcp_src_session If the number of concurrent TCP connections from one source IP address
exceeds the configured threshold value, the action is executed.
tcp_dst_session If the number of concurrent TCP connections to one destination IP
address exceeds the configured threshold value, the action is executed.
udp_flood If the UDP traffic to one destination IP address exceeds the configured
threshold value, the action is executed. The threshold is expressed in
packets per second.
udp_scan If the number of UDP sessions originating from one source IP address
exceeds the configured threshold value, the action is executed. The
threshold is expressed in packets per second.
udp_src_session If the number of concurrent UDP connections from one source IP address
exceeds the configured threshold value, the action is executed.
udp_dst_session If the number of concurrent UDP connections to one destination IP
address exceeds the configured threshold value, the action is executed.
icmp_flood If the number of ICMP packets sent to one destination IP address
exceeds the configured threshold value, the action is executed. The
threshold is expressed in packets per second.
icmp_sweep If the number of ICMP packets originating from one source IP address
exceeds the configured threshold value, the action is executed. The
threshold is expressed in packets per second.
icmp_src_session If the number of concurrent ICMP connections from one source IP
address exceeds the configured threshold value, the action is executed.
icmp_dst_session If the number of concurrent ICMP connections to one destination IP
address exceeds the configured threshold value, the action is executed.
To Next Page
Loading...
Need help?
General
