FortiGate IPS User Guide Version 3.0 MR7
4 01-30007-0080-20080916
Creating custom signatures........................................................................... 23
Custom signature fields .............................................................................. 23
Custom signature syntax ............................................................................ 24
Example custom signatures........................................................................ 33
Protocol decoders ........................................................................... 37
Protocol decoders........................................................................................... 37
Upgrading the IPS protocol decoder list....................................................... 37
Viewing the protocol decoder list.................................................................. 38
IPS sensors ...................................................................................... 39
Viewing the IPS sensor list............................................................................. 39
Adding an IPS sensor ................................................................................. 40
Configuring IPS sensors................................................................................. 40
Configuring filters ........................................................................................ 42
Configuring pre-defined and custom overrides ........................................... 43
DoS sensors..................................................................................... 45
Viewing the DoS sensor list ........................................................................... 46
Configuring DoS sensors ............................................................................... 46
Understanding the anomalies ........................................................................ 48
SYN flood attacks ............................................................................ 51
What is a SYN flood attack? ........................................................................... 51
How SYN floods work ..................................................................................... 51
The FortiGate IPS Response to SYN flood attacks ...................................... 52
What is SYN threshold?.............................................................................. 52
What is SYN proxy? ................................................................................... 52
How IPS works to prevent SYN floods........................................................ 52
Configuring SYN flood protection ................................................................. 54
Suggested settings for different network conditions .................................. 54
ICMP sweep attacks......................................................................... 55
What is an ICMP sweep? ................................................................................ 55
How ICMP sweep attacks work ...................................................................... 55
The FortiGate IPS response to ICMP sweep attacks.................................... 55
Predefined ICMP signatures ....................................................................... 56
ICMP sweep anomalies .............................................................................. 57
Configuring ICMP sweep protection.............................................................. 58
Suggested settings for different network conditions .................................. 58
Index.................................................................................................. 59
To Next Page
Loading...