Intrusion Protection Cli Configuration - Fortinet FortiGate Series Administration Manual


Table 49: The twelve individually configurable anomalies

| Anomaly | Description |
|---|---|
| tcp_syn_flood | If the SYN packet rate, including retransmission, to one destination IP address exceeds the configured threshold value, the action is executed. The threshold is expressed in packets per second. |
| tcp_port_scan | If the SYN packet rate, including retransmission, from one source IP address exceeds the configured threshold value, the action is executed. The threshold is expressed in packets per second. |
| tcp_src_session | If the number of concurrent TCP connections from one source IP address exceeds the configured threshold value, the action is executed. |
| tcp_dst_session | If the number of concurrent TCP connections to one destination IP address exceeds the configured threshold value, the action is executed. |
| udp_flood | If the UDP traffic to one destination IP address exceeds the configured threshold value, the action is executed. The threshold is expressed in packets per second. |
| udp_scan | If the number of UDP sessions originating from one source IP address exceeds the configured threshold value, the action is executed. The threshold is expressed in packets per second. |
| udp_src_session | If the number of concurrent UDP connections from one source IP address exceeds the configured threshold value, the action is executed. |
| udp_dst_session | If the number of concurrent UDP connections to one destination IP address exceeds the configured threshold value, the action is executed. |
| icmp_flood | If the number of ICMP packets sent to one destination IP address exceeds the configured threshold value, the action is executed. The threshold is expressed in packets per second. |
| icmp_sweep | If the number of ICMP packets originating from one source IP address exceeds the configured threshold value, the action is executed. The threshold is expressed in packets per second. |
| icmp_src_session | If the number of concurrent ICMP connections from one source IP address exceeds the configured threshold value, the action is executed. |
| icmp_dst_session | If the number of concurrent ICMP connections to one destination IP address exceeds the configured threshold value, the action is executed. |

Intrusion protection CLI configuration

This section describes the CLI commands that extend features available through the web-based manager. For complete descriptions and examples of how to enable additional features through CLI commands, see the FortiGate CLI Reference.

ips global fail-open

If for any reason the IPS should cease to function, it will fail open by default. This means crucial network traffic will not be blocked, and the FortiGate unit will continue to operate while the problem is being resolved. While the IPS is failed open, that traffic passes without IPS inspection.

ips global socket-size

Set the size of the IPS buffer.
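To make the packets-per-second rows of Table 49 concrete, the following added example (not code from the Fortinet guide, and not how the FortiGate IPS engine is implemented) counts packets per one-second bucket and shows why the same SYN traffic trips tcp_syn_flood when keyed on destination but tcp_port_scan when keyed on source. The function name, the fixed one-second bucketing, the thresholds and the sample packets are all assumptions made for illustration; udp_scan and the session-count anomalies are left out because the table defines them by sessions rather than packets.

```python
from collections import Counter

# Rate-based anomalies from Table 49: (packet kind, IP field the counter is keyed on).
RATE_ANOMALIES = {
    "tcp_syn_flood": ("syn", "dst"),
    "tcp_port_scan": ("syn", "src"),
    "udp_flood": ("udp", "dst"),
    "icmp_flood": ("icmp", "dst"),
    "icmp_sweep": ("icmp", "src"),
}

def detect(packets, thresholds):
    """Return sorted (second, anomaly, ip, pps) tuples where pps exceeds the threshold.

    packets: iterable of (timestamp_seconds, kind, src_ip, dst_ip).
    Counting uses fixed one-second buckets, a simplification chosen for this example.
    """
    counts = Counter()
    for ts, kind, src, dst in packets:
        for name, (want_kind, field) in RATE_ANOMALIES.items():
            if kind == want_kind and name in thresholds:
                ip = src if field == "src" else dst
                counts[(int(ts), name, ip)] += 1
    return sorted(
        (sec, name, ip, pps)
        for (sec, name, ip), pps in counts.items()
        if pps > thresholds[name]  # "exceeds": a rate equal to the threshold does not trigger
    )

# Constructed sample traffic (documentation addresses, made-up thresholds).
THRESHOLDS = {"tcp_syn_flood": 5, "tcp_port_scan": 3, "icmp_sweep": 2}
SAMPLE = (
    # Six sources each send one SYN to 192.0.2.10 in second 0: many-to-one.
    [(0.1 * i, "syn", f"198.51.100.{i + 1}", "192.0.2.10") for i in range(6)]
    # One source sends a SYN to four different destinations in second 1: one-to-many.
    + [(1.0 + 0.1 * i, "syn", "203.0.113.7", f"192.0.2.{20 + i}") for i in range(4)]
    # Exactly two ICMP packets from one source in second 2: at the threshold, not over it.
    + [(2.0 + 0.1 * i, "icmp", "203.0.113.9", f"192.0.2.{30 + i}") for i in range(2)]
)

if __name__ == "__main__":
    for sec, name, ip, pps in detect(SAMPLE, THRESHOLDS):
        print(f"t={sec}s {name} ip={ip} rate={pps} pps")
```

The distributed SYN burst is invisible to the per-source counter and the one-to-many SYN burst is invisible to the per-destination counter, which is why both anomalies need their own threshold.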
FortiGate Version 4.0 MR1 Administration Guide
http://docs.fortinet.com/
Intrusion Protection
01-410-89802-20090903