beautypg.com

Fortinet Network Device IPS User Manual

Page 18

background image

FortiGate IPS User Guide Version 3.0 MR7

18

01-30007-0080-20080916

Viewing the predefined signature list

Predefined signatures

By default, the signatures are sorted by name. To sort the table by another
column, select the required column header name.

Fine tuning IPS predefined signatures for enhanced system performance

In FortiOS the FortiGate unit will have most of the predefined signatures enabled
and will log all of them by default. To meet your specific network requirements, you
need to fine tune the signature settings.

By fine tuning the signatures and log settings you can provide the best protection
available but also free up valuable FortiGate resources. Fine tuning enables you
to turn off features that you are not using. By turning off signatures and logs that
you do not use, you allow the FortiGate unit to perform tasks faster thus improving
overall system performance.

Not all systems require you to scan for all signatures of the IPS suite all the time.
By configuring the FortiGate unit to not monitor for these signatures, you will
maintain a high level of security and increase overall performance.

Column
Settings

Select to customize the signature information displayed in the table. You

can also readjust the column order.

Clear All Filters If you have applied filtering to the predefined signature list display, select

this option to clear all filters and display all the signatures.

Name

The name of the signature, linked to the FortiGuard Center web page

about the signature.

Severity

The severity rating of the signature. The severity levels, from lowest to

highest, are Information, Low, Medium, High, and Critical.

Target

The target of the signature. Servers, clients, or both.

Protocols

The protocol the signature applies to.

OS

The operating system the signature applies to.

Applications

The applications the signature applies to.

Enable

The default status of the signature. A green circle indicates the signature

is enabled. A gray circle indicates the signature is not enabled.

Action

The default action for the signature. The available actions are pass and

drop.

Pass allows the traffic to continue without any modification. If you
want to determine what effect IPS protection would have on your
network traffic, you can enable the required signatures, set the action
to pass, and enable logging. Traffic will not be interrupted, but you
will be able to examine in detail which signatures were detected.

Drop prevents the traffic with detected signatures from reaching its
destination.

If logging is enabled, the action appears in the status field of the log

message generated by the signature.

ID

A unique numeric identifier for the signature.

Logging

The default logging behavior of the signature. A green circle indicates

logging is enabled. A gray circle indicates logging is disabled.

Group

A functional group that is assigned to the signature. This group is only

for reference and cannot be used to define filters.

Packet Log

The default packet log status of the signature. A green circle indicates

packet log is enabled. A gray circle indicates packet log is disabled.

Revision

The revision level of the signature. If the signature is updated, the

revision number will be incremented.