When to use ips, Network performance, Default signature and anomaly settings – Fortinet Network Device IPS User Manual
Page 10: Default fail open setting
FortiGate IPS User Guide Version 3.0 MR7
10
01-30007-0080-20080916
Network performance
IPS overview and general configuration
To create an IPS sensor, go to Intrusion Protection > IPS Sensor. See
for details. To access the protection profile IPS sensor
selection, go to Firewall > Protection Profile, select Edit or Create New, and
select IPS.
To create a DoS Sensor, go to Intrusion Protection > DoS Sensor. See
for details.
When to use IPS
IPS is best for large networks or for networks protecting highly sensitive
information. Using IPS effectively requires monitoring and analysis of the attack
logs to determine the nature and threat level of an attack. An administrator can
adjust the threshold levels to ensure a balance between performance and
intrusion prevention. Small businesses and home offices without network
administrators may be overrun with attack log messages and not have the
networking background required to configure the thresholds and other IPS
settings. In addition, the other protection features in the FortiGate unit, such as
antivirus (including grayware), spam filters, and web filters offer excellent
protection for all networks.
Network performance
The FortiGate IPS is extremely accurate and reliable as an in-line network device.
Independent testing shows that the FortiGate IPS successfully detects and blocks
attacks even under high traffic loads, while keeping latency within expected limits.
This section describes:
•
Default signature and anomaly settings
•
•
•
Default signature and anomaly settings
You can use IPS sensors to apply appropriate IPS signatures to different
protection profiles, then different firewall policies.
Default fail open setting
If for any reason the IPS should cease to function, it will fail open by default. This
means that crucial network traffic will not be blocked and the Firewall will continue
to operate while the problem is resolved.
Change the default fail open setting using the CLI:
config ips global
set fail-open [enable | disable]
end