Configuring synflood signature values, Logging attacks, Logging attack messages to the attack log – Fortinet FortiGate 100 User Manual

Page 228

Fortinet Inc.

Network Intrusion Detection System (NIDS)

Configuring synflood signature values

For synflood signatures, you can set the threshold, queue size, and keep alive (timeout) values.

1. Go to NIDS > Prevention.
2. Select Modify for the synflood signature.
3. Type the Threshold value.
4. Type the Queue Size.
5. Type the Timeout value.
6. Select the Enable check box.
   Alternatively, select the synflood Enable check box in the Prevention signature list.
7. Select OK.

Logging attacks

Whenever the NIDS detects or prevents an attack, it generates an attack message.
You can configure the system to add the message to the attack log.

- Logging attack messages to the attack log
- Reducing the number of NIDS attack log and email messages

Logging attack messages to the attack log

Use the following procedure to log attack messages to the attack log.

1. Go to Log&Report > Log Setting.
2. Select Config Policy for the log locations you have set.
3. Select Attack Log.
4. Select Attack Detection and Attack Prevention.
5. Select OK.

| Value | Description | Minimum value | Maximum value | Default value |
|---|---|---|---|---|
| Threshold | Number of SYN requests sent to a destination host or server per second. If the SYN requests are being sent to all ports on the destination, as opposed to just one port, the threshold quadruples (4 x). | 30 | 3000 | 200 |
| Queue Size | Maximum number of proxied connections that the FortiGate unit handles. The FortiGate unit discards additional proxy requests. | 10 | 10240 | 1024 |
| Timeout | Number of seconds for the SYN cookie to keep a proxied connection alive. This value limits the size of the proxy connection table. | 3 | 60 | 15 |
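As an added example (not from the Fortinet manual and not FortiGate code), the Python below checks proposed synflood values against the ranges in the table and applies the threshold rule, including the 4 x case, to a list of observed SYNs so you can see which destinations a given threshold would flag. The function names, the event tuple format, the strict greater-than comparison, and treating "more than one port in the same second" as the multi-port case are assumptions; the sample events are constructed.

```python
from collections import defaultdict

# Ranges and defaults from the manual's table: (minimum, maximum, default).
LIMITS = {
    "threshold": (30, 3000, 200),     # SYN requests per second per destination
    "queue_size": (10, 10240, 1024),  # proxied connections
    "timeout": (3, 60, 15),           # seconds
}

def validate(settings):
    """Return out-of-range errors; missing keys fall back to the default."""
    errors = []
    for name, (lo, hi, default) in LIMITS.items():
        value = settings.get(name, default)
        if not lo <= value <= hi:
            errors.append(f"{name}={value} outside {lo}..{hi}")
    return errors

def seconds_over_threshold(syn_events, threshold):
    """syn_events: iterable of (epoch_second, dst_ip, dst_port), one per SYN.

    Returns {(second, dst_ip): (count, effective_threshold)} for every second
    in which a destination received more SYNs than the effective threshold.
    Assumption: SYNs to more than one port within the second count as the
    multi-port case, for which the manual says the threshold quadruples.
    """
    counts = defaultdict(int)
    ports = defaultdict(set)
    for second, dst, port in syn_events:
        counts[(second, dst)] += 1
        ports[(second, dst)].add(port)
    hits = {}
    for key, count in counts.items():
        effective = threshold * 4 if len(ports[key]) > 1 else threshold
        if count > effective:
            hits[key] = (count, effective)
    return hits

# Constructed sample: 250 SYNs to one port, and 250 SYNs spread over 250 ports.
SAMPLE = ([(100, "192.0.2.10", 80)] * 250
          + [(100, "192.0.2.20", 1000 + i) for i in range(250)])

if __name__ == "__main__":
    print(validate({"threshold": 5000, "timeout": 15}))
    print(seconds_over_threshold(SAMPLE, LIMITS["threshold"][2]))
```

With the default threshold of 200, only the single-port destination is flagged, because the spread traffic is compared against 800.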

Note: For information about log message content and formats, and about log locations, see the
Logging Configuration and Reference Guide.