Configuring Predefined Signatures - Fortinet FortiGate FortiGate-1000A Administration Manual

Fortinet fortigate fortigate-1000a: user guide
Hide thumbs Also See for FortiGate FortiGate-1000A:
Table of Contents

Advertisement

Signature

Configuring predefined signatures

296
Revision
The revision number for individual signatures. To show the signature group
members, click on the blue triangle.
Modify
The Configure and Reset icons. Reset only appears when the default
settings have been modified. Selecting Reset restores the default settings.
Table 32
describes each possible action you can select for predefined signatures.
Table 32: Actions to select for each predefined signature
Action
Pass
Drop
Reset
Reset Client
Reset Server
Drop Session
Clear Session
Pass Session
To enable or disable predefined signature groups
1
Go to IPS > Signature > Predefined.
Description
When a packet triggers a signature, the FortiGate unit generates an alert
and allows the packet through the firewall without further action.
If logging is disabled and action is set to Pass, the signature is effectively
disabled.
When a packet triggers a signature, the FortiGate unit generates an alert
and drops the packet. The session is not touched.
Fortinet recommends using an action other than Drop for TCP connection
based attacks.
When a packet triggers a signature, the FortiGate unit generates an alert
and drops the packet. The FortiGate unit sends a reset to both the client
and the server and drops the session from the session table.
This is used for TCP connections only. If set for non-TCP connection
based attacks, the action will behave as Clear Session. If the Reset action
is triggered before the TCP connection is fully established, it acts as Clear
Session.
When a packet triggers a signature, the FortiGate unit generates an alert
and drops the packet. The FortiGate unit sends a reset to the client and
drops the session from the session table.
This is used for TCP connections only. If set for non-TCP connection
based attacks, the action will behave as Clear Session. If the Reset Client
action is triggered before the TCP connection is fully established, it acts as
Clear Session.
When a packet triggers a signature, the FortiGate unit generates an alert
and drops the packet. The FortiGate unit sends a reset to the server and
drops the session from the session table.
This is used for TCP connections only. If set for non-TCP connection
based attacks, the action will behave as Clear Session. If the Reset Server
action is triggered before the TCP connection is fully established, it acts as
Clear Session.
When a packet triggers a signature, the FortiGate unit generates an alert
and drops the packet. For the remainder of this packet's session, all
follow-up packets are dropped.
When a packet triggers a signature, the FortiGate unit generates an alert
and the session to which the packet belongs is removed from the session
table immediately. No reset is sent.
For TCP, all follow-up packets could be dropped.
For UDP, all follow-up packets could trigger the firewall to create a new
session.
When a packet triggers a signature, the FortiGate unit generates an alert
and allows the packet through the firewall. For the remainder of this
packet's session, the IPS is bypassed by all follow-up packets.
01-28011-0254-20051115
IPS
Fortinet Inc.

Advertisement

Table of Contents
loading

Table of Contents