Справочник Пользователя для Fortinet IPS

Use this command to ignore sessions after a set amount of traffic has passed. 
The default is 204800 bytes.

config ips global

set ignore-session-bytes <byte_integer>

end

Set the size of the IPS buffer. The size of the buffer is model-dependent.

config ips global

set socket-size <ips_buffer_size>
end

After configuring IPS and enabling it in protection profiles, it is time to set up 
tracking and notification of attacks. Enabling logging and alert email to maintain 
user awareness of attacks on the network. 

The next step is dealing with attacks if and when they occur. The FortiGuard 
Center at 

 provides a comprehensive 

Attack Encyclopedia to help decide what actions to take to further protect the 
network.

This section describes:

•

•

•

Whenever the IPS detects or prevents an attack, it generates an attack log 
message that can be recorded or sent as an alert email. 

The FortiGate unit categorizes attack log messages by signature or anomaly and 
includes the attack name in the log message. Enable logging and alert email for 
attack signatures and attack anomalies.

Go to Log&Report > Log Config > Log Setting.

Select and configure the settings for any logging locations to use.

Select Apply.

Go to Log&Report > Log Config > Alert Email.

Note: Attack and intrusion attempts occur frequently on networks connected to the Internet. 
Reduce the number of log messages and alert email by disabling signatures for attacks that the 
system is not vulnerable to (for example, web attacks when not running a web server).