Adding Custom Signatures; Backing Up And Restoring Custom Signature Files; Anomaly - Fortinet FortiGate FortiGate-1000A Administration Manual

Anomaly

Adding custom signatures

Backing up and restoring custom signature files

Anomaly
300
To add a custom signature
1 Go to IPS > Signature > Custom.
2 Select Create New to add a new custom signature or select the Edit icon to edit an
existing custom signature.
Figure 155:Edit custom signature
3 Enter a name for the custom signature.
You cannot edit the name of an existing custom signature.
4 Enter the custom signature.
5 Select the action to be taken when a packet triggers this signature. (See
action descriptions.)
6 Select the Logging box to enable logging for the custom signature or clear the Logging
box to disable logging for the custom signature.
For information on backing up and restoring the custom signature list, see
and Restoring" on page
Caution: Restoring the custom signature list overwrites the existing file.
The FortiGate IPS uses anomaly detection to identify network traffic that does not fit
known or preset traffic patterns. The FortiGate IPS identifies the four statistical
anomaly types for the TCP, UDP, and ICMP protocols.
Flooding
Scan
Source session
limit
Destination
session limit
130.
If the number of sessions targeting a single destination in one second is
over a threshold, the destination is experiencing flooding.
If the number of sessions from a single source in one second is over a
threshold, the source is scanning.
If the number of concurrent sessions from a single source is over a
threshold, the source session limit is reached.
If the number of concurrent sessions to a single destination is over a
threshold, the destination session limit is reached.
01-28011-0254-20051115
IPS
Table 32 for
"Backing up
Fortinet Inc.