Intrusion Protection DoS sensors
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 471
http://docs.fortinet.com/ • Feedback
Figure 303: Edit DoS Sensor
DoS sensor attributes:
Name Enter or change the DoS sensor name.
Comments Enter or change an optional description of the DoS sensor. This description
will appear in the DoS sensor list.
Anomalies Configuration
Name The name of the anomaly.
Enable Select the check box to enable the DoS sensor to detect when the
specified anomaly occurs. Selecting the check box in the header row will
enable sensing of all anomalies.
Logging Select the check box to enable the DoS sensor to log when the anomaly
occurs. Selecting the check box in the header row will enable logging for all
anomalies. Anomalies that are not enabled are not logged.
Action Select Pass to allow anomalous traffic to pass when the FortiGate unit
detects it, or set Block to prevent the traffic from passing.
Threshold Displays the number of sessions/packets that must show the anomalous
behavior before the FortiGate unit triggers the anomaly action (pass or
block). If required, change the number. For more information about how
these settings affect specific anomalies, see Table 46 on page 472.
Protected
Addresses
Each entry in the protected address table includes a source and
destination IP address as well as a destination port. The DoS sensor will
be applied to traffic matching the three attributes in any table entry.
A new DoS sensor has no protected address table entries. If no addresses
are entered, the DoS sensor cannot match any traffic and will not function.
Destination The IP address of the traffic destination. 0.0.0.0/0 matches all addresses. If
the FortiGate unit is running in transparent mode, 0.0.0.0/0 also includes
the management IP address.
Destination
Port
The destination port of the traffic. 0 matches any port.
To Next Page
Loading...