Configuring Parameters For Dissector Signatures; Custom Signatures - Fortinet FortiGate FortiGate-1000A Administration Manual
Fortinet fortigate fortigate-1000a: user guide
Hide thumbs
Also See for FortiGate FortiGate-1000A:
- Install manual (58 pages) ,
- Quick start manual (2 pages) ,
- Administration manual (458 pages)
Table of Contents
Advertisement
Signature
Configuring parameters for dissector signatures
Custom signatures
298
The following predefined dissector signatures have configurable parameters.
•
http_decoder
•
im
•
p2p
•
rpc_decoder
•
tcp_reassembler
Figure 152:Example of dissector signature parameters: tcp_reassembler
Figure 153:Example of dissector signature parameters: p2p
idle_timeout
If a session is idle for longer than this number of seconds, the session will
not be maintained by tcp_reassembler.
min_ttl
A packet with a higher ttl number in its IP header than the number specified
here is not processed by tcp_reassembler.
port_list
A comma separated list of ports. The dissector can decode these TCP ports.
bad_flag_list
A comma separated list of bad TCP flags.
reassembly_
Valid settings are from-server, from-client, or both.
direction
codepoint
A number from 0 to 63. Used for differentiated services tagging. When the
action for p2p and im signatures is set to Pass, the FortiGate unit checks the
codepoint. If the codepoint is set to a number from 1 to 63, the codepoint for
the session is changed to the specified value. If the codepoint is set to -1
(the default) no change is made to the codepoint in the IP header.
You can create custom IPS signatures. The custom signatures you create are added
to a single Custom signature group.
01-28011-0254-20051115
IPS
Fortinet Inc.
Advertisement
Table of Contents
