User Manual

Table of Contents

Contents ... 3
Introduction ... 5
The FortiGate IPS ... 5
About this document ... 6
Document conventions ... 6
Typographic conventions ... 6
Fortinet documentation ... 6
Fortinet Knowledge Center ... 8
Comments on Fortinet technical documentation ... 8
Customer service and technical support ... 8
IPS overview and general configuration ... 9
The FortiGate IPS ... 9
IPS settings and controls ... 9
When to use IPS ... 10
Network performance ... 10
Default signature and anomaly settings ... 10
Default fail open setting ... 10
Controlling sessions ... 11
Setting the buffer size ... 11
Monitoring the network and dealing with attacks ... 11
Configuring logging and alert email ... 11
Attack log messages ... 12
Signature ... 12
Anomaly ... 13
The FortiGuard Center ... 13
Using IPS sensors in a protection profile ... 14
Creating a protection profile that uses IPS sensors ... 14
Adding protection profiles to firewall policies ... 14
Adding protection profiles to user groups ... 15
Predefined signatures ... 17
IPS predefined signatures ... 17
Viewing the predefined signature list ... 17
Fine tuning IPS predefined signatures for enhanced system performance ... 18
Custom signatures ... 21
IPS custom signatures ... 21
Viewing the custom signature list ... 21
Custom signature configuration ... 22
Adding custom signatures using the web-based manager ... 22
Adding custom signatures using the CLI ... 22
Command syntax pattern ... 22
Creating custom signatures ... 23
Custom signature fields ... 23
Custom signature syntax ... 24
Example custom signatures ... 33
Example 1: signature to block access to example.com ... 33
Example 2: signature to block the SMTP ‘vrfy’ command ... 35
Protocol decoders ... 37
Protocol decoders ... 37
Upgrading the IPS protocol decoder list ... 37
Viewing the protocol decoder list ... 38
IPS sensors ... 39
Viewing the IPS sensor list ... 39
Adding an IPS sensor ... 40
Configuring IPS sensors ... 40
Configuring filters ... 42
Configuring pre-defined and custom overrides ... 43
DoS sensors ... 45
Viewing the DoS sensor list ... 46
Configuring DoS sensors ... 46
Understanding the anomalies ... 48
SYN flood attacks ... 51
What is a SYN flood attack? ... 51
How SYN floods work ... 51
The FortiGate IPS Response to SYN flood attacks ... 52
What is SYN threshold? ... 52
What is SYN proxy? ... 52
How IPS works to prevent SYN floods ... 52
Configuring SYN flood protection ... 54
Suggested settings for different network conditions ... 54
ICMP sweep attacks ... 55
What is an ICMP sweep? ... 55
How ICMP sweep attacks work ... 55
The FortiGate IPS response to ICMP sweep attacks ... 55
Predefined ICMP signatures ... 56
ICMP sweep anomalies ... 57
Configuring ICMP sweep protection ... 58
Suggested settings for different network conditions ... 58
Index ... 59

Size: 1.07 MB
Pages: 62
Language: English
User Manual

Table of Contents

Introduction ... 5
The FortiGate IPS ... 5
About this document ... 6
Document conventions ... 6
Fortinet documentation ... 6
Fortinet Knowledge Center ... 8
Comments on Fortinet technical documentation ... 8
Customer service and technical support ... 8
IPS overview and general configuration ... 9
The FortiGate IPS ... 9
IPS settings and controls ... 9
When to use IPS ... 10
Network performance ... 10
Default signature and anomaly settings ... 10
Default fail open setting ... 10
Controlling sessions ... 11
Setting the buffer size ... 11
Monitoring the network and dealing with attacks ... 11
Configuring logging and alert email ... 11
Attack log messages ... 12
The FortiGuard Center ... 13
Using IPS sensors in a protection profile ... 14
Creating a protection profile that uses IPS sensors ... 14
Adding protection profiles to firewall policies ... 14
Adding protection profiles to user groups ... 15
Predefined signatures ... 17
IPS predefined signatures ... 17
Viewing the predefined signature list ... 17
Custom signatures ... 21
IPS custom signatures ... 21
Viewing the custom signature list ... 21
Custom signature configuration ... 22
Adding custom signatures using the web-based manager ... 22
Adding custom signatures using the CLI ... 22
Creating custom signatures ... 23
Custom signature fields ... 23
Custom signature syntax ... 24
Example custom signatures ... 33
Protocol decoders ... 37
Protocol decoders ... 37
Upgrading the IPS protocol decoder list ... 37
Viewing the protocol decoder list ... 38
IPS sensors ... 39
Viewing the IPS sensor list ... 39
Adding an IPS sensor ... 40
Configuring IPS sensors ... 40
Configuring filters ... 42
Configuring pre-defined and custom overrides ... 43
DoS sensors ... 45
Viewing the DoS sensor list ... 46
Configuring DoS sensors ... 46
Understanding the anomalies ... 48
SYN flood attacks ... 51
What is a SYN flood attack? ... 51
How SYN floods work ... 51
The FortiGate IPS Response to SYN flood attacks ... 52
What is SYN threshold? ... 52
What is SYN proxy? ... 52
How IPS works to prevent SYN floods ... 52
Configuring SYN flood protection ... 54
Suggested settings for different network conditions ... 54
ICMP sweep attacks ... 55
What is an ICMP sweep? ... 55
How ICMP sweep attacks work ... 55
The FortiGate IPS response to ICMP sweep attacks ... 55
Predefined ICMP signatures ... 56
ICMP sweep anomalies ... 57
Configuring ICMP sweep protection ... 58
Suggested settings for different network conditions ... 58
Index ... 59

Size: 1010 KB
Pages: 62
Language: English