beautypg.com

Enabling and disabling nids attack signatures, Adding user-defined signatures, St. see – Fortinet FortiGate 100 User Manual

Page 224: Adding user

background image

224

Fortinet Inc.

Enabling and disabling NIDS attack signatures

Network Intrusion Detection System (NIDS)

Enabling and disabling NIDS attack signatures

By default, all NIDS attack signatures are enabled. You can use the NIDS signature
list to disable detection of some attacks. Disabling unnecessary NIDS attack
signatures can improve system performance and reduce the number of IDS log
messages and alert emails that the NIDS generates. For example, the NIDS detects a
large number of web server attacks. If you do not provide access to a web server
behind your firewall, you might want to disable all web server attack signatures.

To disable NIDS attack signatures:

1

Go to NIDS > Detection > Signature List.

2

Scroll down the signature list to find the signature group to disable.
Attack ID numbers and rule names in attack log messages and alert email match
those in the signature group members list. You can scroll through a signature group
members list to locate specific attack signatures by ID number and name.

3

Uncheck the Enable check box.

4

Select OK.

5

Repeat steps

2

to

4

for each NIDS attack signature group that you want to disable.

Select Check All

to enable all NIDS attack signature groups in the signature list.

Select Uncheck All

to disable all NIDS attack signature groups in the signature

list.

Adding user-defined signatures

You can create a user-defined signature list in a text file and upload it from the
management computer to the FortiGate unit.

For information about how to write user-defined signatures, see the FortiGate NIDS
Guide
.

1

Go to NIDS > Detection > User Defined Signature List.

2

Select Upload.

3

Type the path and filename of the text file for the user-defined signature list or select
Browse and locate the file.

4

Select OK to upload the text file for the user-defined signature list.

5

Select Return to display the uploaded user-defined signature list.

Note: To save your NIDS attack signature settings, Fortinet recommends that you back up your
FortiGate configuration before you update the firmware and restore the saved configuration
after the update.