Enabling nids attack prevention signatures, Setting signature threshold values – Fortinet FortiGate 100 User Manual
Page 226
226
Fortinet Inc.
Enabling NIDS attack prevention signatures
Network Intrusion Detection System (NIDS)
Enabling NIDS attack prevention signatures
The NIDS Prevention module contains signatures that are designed to protect your
network against attacks. Some signatures are enabled by default; others must be
enabled. For a complete list of NIDS Prevention signatures and descriptions, see the
FortiGate NIDS Guide.
1
Go to NIDS > Prevention.
2
Check the box in the Enable column beside each signature that you want to enable.
3
Select Check All
to enable all signatures in the NIDS attack prevention signature
list.
4
Select Uncheck All
to disable all signatures in the NIDS attack prevention
signature list.
5
Select Reset to Default Values
to enable only the default NIDS attack prevention
signatures and return to the default threshold values.
Figure 36: Example NIDS attack prevention signature list entries
Setting signature threshold values
You can change the default threshold values for the NIDS Prevention signatures listed
in
. The threshold depends on the type of attack. For flooding attacks, the
threshold is the maximum number of packets received per second. For overflow
attacks, the threshold is the buffer size for the command. For large ICMP attacks, the
threshold is the ICMP packet size limit to pass through.