Fortinet FortiGate Series Administration Manual page 736

Example configuration: logging all FortiGate traffic
next
edit port2
set log enable
end
4 Use the following command to enable logging of other traffic. This option is only available when logging to an external syslog server.
config log syslogd filter
set other-traffic enable
end
5 Go to UTM > Intrusion Protection > IPS Sensor and select Create New to add an IPS Sensor.
Edit the IPS Sensor and select Add Pre-defined Override to add the following predefined IPS signatures to the sensor.
• Invalid.Protocol.Header
• TCP.Bad.Flags
• TCP.Invalid.Packet.Size
Enable each of these signatures, set Action to Block and enable Logging.
6 Enter the following CLI commands to add a DoS policy (called an interface policy in the CLI) that includes the IPS Sensor.
config firewall interface-policy
edit 1
set interface <interface_name>
set srcaddr all
set dstaddr all
set service ANY
set ips-sensor-status enable
set ips-sensor <sensor_name>
end
Where <sensor_name> is the name of the IPS sensor added above.
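To confirm that steps 4 and 6 took effect on every interface, a saved copy of the configuration can be checked offline. The script below is an added example, not part of the Fortinet guide: it assumes the configuration is available as text made of flat config/edit/set/next/end blocks, it does not inspect the signatures added in step 5, and the sensor and port names in the sample are hypothetical.

```python
import shlex

def parse_config(text):
    """Flat FortiOS-style CLI text -> {section: {entry: {key: value}}}."""
    sections, section, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), None
            sections.setdefault(section, {})
        elif tok[0] == "end":
            section = entry = None
        elif tok[0] == "next":
            entry = None
        elif section and tok[0] == "edit" and len(tok) > 1:
            entry = tok[1]
        elif section and tok[0] == "set" and len(tok) > 2:
            # settings made directly under a config block use entry None
            sections[section].setdefault(entry, {})[tok[1]] = " ".join(tok[2:])
    return sections

def audit(text, interfaces):
    """Return findings for steps 4 and 6; an empty list means both are in place."""
    cfg = parse_config(text)
    findings = []
    if cfg.get("log syslogd filter", {}).get(None, {}).get("other-traffic") != "enable":
        findings.append("syslogd filter: other-traffic is not enabled")
    covered = {p.get("interface")
               for p in cfg.get("firewall interface-policy", {}).values()
               if p.get("ips-sensor-status") == "enable" and p.get("ips-sensor")}
    findings += [f"{i}: no interface policy with an IPS sensor"
                 for i in interfaces if i not in covered]
    return findings

# Constructed sample; "example_sensor" and the port names are hypothetical.
SAMPLE = """config log syslogd filter
    set other-traffic enable
end
config firewall interface-policy
    edit 1
        set interface "port1"
        set ips-sensor-status enable
        set ips-sensor "example_sensor"
    next
    edit 2
        set interface "port2"
    next
end
"""
```

Calling audit(SAMPLE, ["port1", "port2", "port3"]) reports port2 (policy present but no sensor attached) and port3 (no policy at all).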
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
Log&Report