Fortinet fortigate-200a Operating Instructions

IPS 
Anomaly
FortiGate-300A Administration Guide
01-28006-0092-20041105
 301
Configuring an anomaly
Each anomaly is preset with a recommended configuration. By default, all anomaly 
signatures are enabled. You can use the recommended configurations or 
modify them to meet the needs of your network.
For more information on minimum, maximum, and recommended thresholds for the 
anomalies with configurable thresholds, see the FortiGate IPS Anomaly Thresholds 
and Dissector Values Technical Bulletin.
Figure 149: Editing the portscan IPS anomaly
Figure 150: Editing the syn_fin IPS anomaly
Action
The action set for each anomaly. Action can be Pass, Drop, Reset, Reset 
Client, Reset Server, Drop Session, Clear Session, or Pass Session.
Modify
The Edit and Reset icons. If you have changed the settings for an anomaly, 
you can use the Reset icon to change the settings back to the 
recommended settings.
Name
The anomaly name.
Enable
Select the Enable box to enable the anomaly or clear the Enable box to 
disable the anomaly. 
Logging
Select the Logging box to enable logging for the anomaly or clear the 
Logging box to disable logging for the anomaly.
Action
Select an action for the FortiGate unit to take when traffic triggers this 
anomaly.
Pass
The FortiGate unit lets the packet that triggered the anomaly pass 
through the firewall. If logging is disabled and action is set to Pass, the 
anomaly is effectively disabled.
Drop
The FortiGate unit drops the packet that triggered the anomaly. Fortinet 
recommends using an action other than Drop for TCP connection based 
attacks.
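
The following is an added example, not part of the Fortinet guide: a small audit that checks an inventory of anomaly settings for the two conditions described above (Pass with logging off, and Drop on a TCP connection based anomaly). The dictionary layout, the `tcp_connection_based` tag and the `example_*` names are assumptions made for illustration; this is not a FortiGate export format.

```python
# Added example: audit a constructed inventory of IPS anomaly settings.
# Field names and the "tcp_connection_based" tag are assumptions,
# not a FortiGate data format. The operator sets the tag.

VALID_ACTIONS = {
    "Pass", "Drop", "Reset", "Reset Client", "Reset Server",
    "Drop Session", "Clear Session", "Pass Session",
}


def audit_anomalies(anomalies):
    """Return a sorted list of (anomaly name, finding) tuples."""
    findings = []
    for a in anomalies:
        name, action = a["name"], a["action"]
        if action not in VALID_ACTIONS:
            findings.append((name, "unknown action %r" % action))
            continue
        if not a["enable"]:
            # All anomalies are enabled by default, so this is a change.
            findings.append((name, "disabled"))
            continue
        if action == "Pass" and not a["logging"]:
            # Nothing is blocked and nothing is recorded.
            findings.append(
                (name, "effectively disabled: Pass without logging"))
        if action == "Drop" and a.get("tcp_connection_based", False):
            findings.append(
                (name, "Drop on TCP connection based anomaly"))
    return sorted(findings)


# Constructed sample input; the settings shown are not device defaults.
SAMPLE = [
    {"name": "portscan", "enable": True,
     "logging": False, "action": "Pass"},
    {"name": "syn_fin", "enable": True,
     "logging": True, "action": "Drop"},
    {"name": "example_tcp_conn", "enable": True, "logging": True,
     "action": "Drop", "tcp_connection_based": True},
    {"name": "example_disabled", "enable": False,
     "logging": True, "action": "Reset"},
]

if __name__ == "__main__":
    for name, finding in audit_anomalies(SAMPLE):
        print("%-18s %s" % (name, finding))
```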