Custom Signature List - Fortinet FortiGate FortiGate-1000A Administration Manual
Fortinet fortigate fortigate-1000a: user guide
Hide thumbs
Also See for FortiGate FortiGate-1000A:
- Install manual (58 pages) ,
- Quick start manual (2 pages) ,
- Administration manual (458 pages)
Table of Contents
Advertisement
IPS
Custom signature list
FortiGate-1000A/FA2 Administration Guide
Custom signatures provide the power and flexibility to customize the FortiGate IPS for
diverse network environments. The FortiGate predefined signatures cover common
attacks. If you are using an unusual or specialized application or an uncommon
platform, you can add custom signatures based on the security alerts released by the
application and platform vendors.
You can also use custom signatures to block or allow specific traffic. For example to
block traffic containing pornography, you can add custom signatures similar to the
following:
F-SBID (--protocol tcp; --flow established; --content "nude cheerleader"; --no_case)
When you add the signature set action to Drop Session.
For more information on custom signature syntax see the FortiGate IPS Custom
Signatures Technical Bulletin.
Note: Custom signatures are an advanced feature. This document assumes the user has
previous experience creating intrusion detection signatures.
Figure 154:The custom signature group
Enable custom
Select the Enable custom signature box to enable the custom signature
group or clear the Enable custom signature box to disable the custom
signature
signature group.
Create New
Select Create New to create a new custom signature.
Clear all custom
Remove all the custom signatures from the custom signature group.
signatures
Reset to
Reset all the custom signatures to the recommended settings.
recommended
settings?
Name
The custom signature names.
Revision
The revision number for each custom signature. The revision number is a
number you assign to the signature when you create or revise it.
Enable
The status of each custom signature. A white check mark in a green circle
indicates the signature is enabled. A white X in a grey circle indicates the
signature is disabled.
Selecting the box at the top of the Enable column enables all the custom
signatures. Clearing the box at the top of the Enable column disables all the
custom signatures.
Logging
The logging status of each custom signature. A white check mark in a green
circle indicates logging is enabled for the custom signature. A white X in a
grey circle indicates logging is disabled for the custom signature.
Action
The action set for each custom signature. Action can be Pass, Drop, Reset,
Reset Client, Reset Server, Drop Session, Clear Session, or Pass Session.
Modify
The Delete and Edit/View icons.
01-28011-0254-20051115
Signature
299
Advertisement
Table of Contents
