Fortinet Network Device IPS User Manual

Page 4

FortiGate IPS User Guide Version 3.0 MR7

01-30007-0080-20080916

Creating custom signatures ... 23

Custom signature fields ... 23
Custom signature syntax ... 24
Example custom signatures ... 33

Protocol decoders ... 37

Protocol decoders ... 37

Upgrading the IPS protocol decoder list ... 37

Viewing the protocol decoder list ... 38

IPS sensors ... 39

Viewing the IPS sensor list ... 39

Adding an IPS sensor ... 40

Configuring IPS sensors ... 40

Configuring filters ... 42
Configuring pre-defined and custom overrides ... 43

DoS sensors ... 45

Viewing the DoS sensor list ... 46

Configuring DoS sensors ... 46

Understanding the anomalies ... 48

SYN flood attacks ... 51

What is a SYN flood attack? ... 51

How SYN floods work ... 51

The FortiGate IPS Response to SYN flood attacks ... 52

What is SYN threshold? ... 52
What is SYN proxy? ... 52
How IPS works to prevent SYN floods ... 52

Configuring SYN flood protection ... 54

Suggested settings for different network conditions ... 54

ICMP sweep attacks ... 55

What is an ICMP sweep? ... 55

How ICMP sweep attacks work ... 55

The FortiGate IPS response to ICMP sweep attacks ... 55

Predefined ICMP signatures ... 56
ICMP sweep anomalies ... 57

Configuring ICMP sweep protection ... 58

Suggested settings for different network conditions ... 58

Index ... 59