beautypg.com

Ips overview and general configuration, The fortigate ips, Ips settings and controls – Fortinet Network Device IPS User Manual

Page 9

background image

IPS overview and general configuration

The FortiGate IPS

FortiGate IPS User Guide Version 3.0 MR7
01-30007-0080-20080916

9

IPS overview and general
configuration

This section contains the following topics:

The FortiGate IPS

Network performance

Monitoring the network and dealing with attacks

Using IPS sensors in a protection profile

The FortiGate IPS

An IPS is an Intrusion Prevention System for networks. While early systems
focused on intrusion detection, the continuing rapid growth of the Internet, and the
potential for the theft of sensitive data, has resulted in the need for not only
detection, but prevention.

The FortiGate IPS detects intrusions by using attack signatures for known
intrusion methods, and detects anomalies in network traffic to identify new or
unknown intrusions. Not only can the IPS detect and log attacks, but users can
choose actions to take on the session when an attack is detected. This guide
describes how to configure and use the IPS and the IPS response to some
common attacks.

Both the IPS predefined signatures and the IPS engine are upgraded through the
FortiGuard Distribution Network (FDN). These upgrades provide the latest
protection against IM/P2P and other threats. Firmware upgrades will update
anomaly options. The FortiGate IPS default settings implement the recommended
settings for all signatures and anomalies. Signature settings and some anomaly
thresholds are pre-set to work best with the normal traffic on the protected
networks. You can create custom signatures for the FortiGate IPS in diverse
network environments.

Administrators are notified of intrusions and possible intrusions through log
messages and alert email.

Packet logging provides administrators with the ability to analyze packets for
forensics and false positive detection.

IPS settings and controls

Configure the Intrusion Protection system using either the web-based manager or
the CLI, then select IPS sensors in individual firewall protection profiles.

Note: If virtual domains are enabled on the FortiGate unit, the Intrusion Protection settings
are configured separately in each VDOM. All sensors and custom signatures will appear
only in the VDOM in which they were created.