Справочник Пользователя для Fortinet IPS
IPS overview and general configuration
The FortiGate IPS
FortiGate IPS User Guide Version 3.0 MR7
01-30007-0080-20080916
01-30007-0080-20080916
9
IPS overview and general
configuration
configuration
This section contains the following topics:
•
•
•
•
The FortiGate IPS
An IPS is an Intrusion Prevention System for networks. While early systems
focused on intrusion detection, the continuing rapid growth of the Internet, and the
potential for the theft of sensitive data, has resulted in the need for not only
detection, but prevention.
focused on intrusion detection, the continuing rapid growth of the Internet, and the
potential for the theft of sensitive data, has resulted in the need for not only
detection, but prevention.
The FortiGate IPS detects intrusions by using attack signatures for known
intrusion methods, and detects anomalies in network traffic to identify new or
unknown intrusions. Not only can the IPS detect and log attacks, but users can
choose actions to take on the session when an attack is detected. This guide
describes how to configure and use the IPS and the IPS response to some
common attacks.
intrusion methods, and detects anomalies in network traffic to identify new or
unknown intrusions. Not only can the IPS detect and log attacks, but users can
choose actions to take on the session when an attack is detected. This guide
describes how to configure and use the IPS and the IPS response to some
common attacks.
Both the IPS predefined signatures and the IPS engine are upgraded through the
FortiGuard Distribution Network (FDN). These upgrades provide the latest
protection against IM/P2P and other threats. Firmware upgrades will update
anomaly options. The FortiGate IPS default settings implement the recommended
settings for all signatures and anomalies. Signature settings and some anomaly
thresholds are pre-set to work best with the normal traffic on the protected
networks. You can create custom signatures for the FortiGate IPS in diverse
network environments.
FortiGuard Distribution Network (FDN). These upgrades provide the latest
protection against IM/P2P and other threats. Firmware upgrades will update
anomaly options. The FortiGate IPS default settings implement the recommended
settings for all signatures and anomalies. Signature settings and some anomaly
thresholds are pre-set to work best with the normal traffic on the protected
networks. You can create custom signatures for the FortiGate IPS in diverse
network environments.
Administrators are notified of intrusions and possible intrusions through log
messages and alert email.
messages and alert email.
Packet logging provides administrators with the ability to analyze packets for
forensics and false positive detection.
forensics and false positive detection.
IPS settings and controls
Configure the Intrusion Protection system using either the web-based manager or
the CLI, then select IPS sensors in individual firewall protection profiles.
the CLI, then select IPS sensors in individual firewall protection profiles.
Note: If virtual domains are enabled on the FortiGate unit, the Intrusion Protection settings
are configured separately in each VDOM. All sensors and custom signatures will appear
only in the VDOM in which they were created.
are configured separately in each VDOM. All sensors and custom signatures will appear
only in the VDOM in which they were created.