Fortinet fortigate-100a Betriebsanweisung

Access the config limit subcommand using the config ips anomaly 
<name_str> command. Use this command for session control based on source and 

destination network address. This command is available for tcp_src_session, 
tcp_dst_session, icmp_src_session, icmp_dst_session, 
udp_src_session, udp_dst_session.
You cannot edit the default entry. Addresses are matched from more specific to 

more general. For example, if you define thresholds for 192.168.100.0/24 and 
192.168.0.0/16, the address with the 24 bit netmask will be matched first.

config limit

edit <name_str>

set <keyword> <variable>

end

config limit

edit <name_str>

unset <keyword>

end

config limit

delete <name_str>

Use the following command to configure the limit for the tcp_src_session 

anomaly.

config ips anomaly tcp_src_session

config limit

edit subnet1

set ipaddress 1.1.1.0 255.255.255.0
set threshold 300

end

end

Note: This guide only covers Command Line Interface (CLI) commands that are not 
represented in the web-based manager. For complete descriptions and examples of how to use 
CLI commands see the FortiGate CLI Reference Guide.

Note: This command has more keywords than are listed in this Guide. See the FortiGate CLI 
Reference Guide for a complete list of commands and keywords.

ipaddress 
<address_ipv4mask>

The ip address and netmask of the 

source or destination network.

No 

default.

All models.

threshold 
<threshold_integer>

Set the threshold that triggers this 

anomaly.

No 

default.

All models.