
Fortinet FortiGate 100 User Manual

Page 227


Network Intrusion Detection System (NIDS)

Setting signature threshold values

FortiGate-100 Installation and Configuration Guide


For example, setting the icmpflood signature threshold to 500 will allow 500 echo
requests from a source address, to which the system sends echo replies. If the
number of requests is 501 or higher, the FortiGate unit will block the attacker to
eliminate disruption of system operations.

If you enter a threshold value of 0 or a number out of the allowable range, the
FortiGate unit uses the default value.

To set Prevention signature threshold values:

1. Go to NIDS > Prevention.
2. Select Modify beside the signature for which you want to set the Threshold value.
   Signatures that do not have threshold values do not have Modify icons.
3. Type the Threshold value.
4. Select the Enable check box.
5. Select OK.

Table 6: NIDS Prevention signatures with threshold values

| Signature abbreviation | Threshold value units | Default threshold value | Minimum threshold value | Maximum threshold value |
|---|---|---|---|---|
| synflood | Maximum number of SYN segments received per second | 200 | 30 | 3000 |
| portscan | Maximum number of SYN segments received per second | 128 | 10 | 256 |
| srcsession | Total number of TCP sessions initiated from the same source | 2048 | 128 | 10240 |
| ftpovfl | Maximum buffer size for an FTP command (bytes) | 256 | 128 | 1024 |
| smtpovfl | Maximum buffer size for an SMTP command (bytes) | 512 | 128 | 1024 |
| pop3ovfl | Maximum buffer size for a POP3 command (bytes) | 512 | 128 | 1024 |
| udpflood | Maximum number of UDP packets received from the same source or sent to the same destination per second | 2048 | 512 | 102400 |
| udpsrcsession | Total number of UDP sessions initiated from the same source | 1024 | 512 | 102400 |
| icmpflood | Maximum number of UDP packets received from the same source or sent to the same destination per second | 256 | 128 | 102400 |
| icmpsrcsession | Total number of ICMP sessions initiated from the same source | 128 | 64 | 2048 |
| icmpsweep | Maximum number of ICMP packets received from the same source per second | 32 | 16 | 2048 |
| icmplarge | Maximum ICMP packet size (bytes) | 32000 | 1024 | 64000 |
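
Because a value of 0 or one outside the allowable range is replaced by the default rather than by the nearest limit, a planned threshold can end up looser or stricter than intended. The following Python check is an added example, not part of the Fortinet guide: it applies that rule to the Table 6 values and flags planned thresholds that would be replaced. The function names and the sample plan are constructed for illustration, and the minimum and maximum are assumed to be inclusive.

```python
# Added example. Values are transcribed from Table 6; names are illustrative.
# signature: (default, minimum, maximum)
TABLE_6 = {
    "synflood": (200, 30, 3000),
    "portscan": (128, 10, 256),
    "srcsession": (2048, 128, 10240),
    "ftpovfl": (256, 128, 1024),
    "smtpovfl": (512, 128, 1024),
    "pop3ovfl": (512, 128, 1024),
    "udpflood": (2048, 512, 102400),
    "udpsrcsession": (1024, 512, 102400),
    "icmpflood": (256, 128, 102400),
    "icmpsrcsession": (128, 64, 2048),
    "icmpsweep": (32, 16, 2048),
    "icmplarge": (32000, 1024, 64000),
}


def effective_threshold(signature, requested):
    """Return the value the unit would use for a requested threshold."""
    if signature not in TABLE_6:
        raise ValueError(f"{signature!r} has no threshold value in Table 6")
    default, minimum, maximum = TABLE_6[signature]
    # Assumption: the minimum and maximum themselves are accepted.
    if minimum <= requested <= maximum:
        return requested
    # 0 or out of range: the default is used, not the nearest limit.
    return default


def audit(plan):
    """List planned values that would be replaced by the default."""
    findings = []
    for signature, requested in sorted(plan.items()):
        effective = effective_threshold(signature, requested)
        if effective == requested:
            continue
        # Every threshold is a maximum, so a higher value is more permissive.
        effect = "default" if requested == 0 else (
            "looser" if effective > requested else "stricter")
        findings.append((signature, requested, effective, effect))
    return findings


if __name__ == "__main__":
    # Constructed change plan, for illustration only.
    plan = {"synflood": 5000, "icmpsweep": 8, "icmpflood": 500, "portscan": 0}
    for finding in audit(plan):
        print("%s: requested %d, effective %d (%s)" % finding)
```
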