Fortinet FortiGate FortiGate-1000A Administration Manual page 302

Anomaly
Figure 157: Editing the portscan IPS anomaly
Figure 158: Editing the syn_fin IPS anomaly
Name
The anomaly name.
Enable
Select the Enable box to enable the anomaly or clear the Enable box to disable the anomaly.
Logging
Select the Logging box to enable logging for the anomaly or clear the Logging box to disable logging for the anomaly.
Action
Select an action for the FortiGate unit to take when traffic triggers this anomaly.
Pass
When a packet triggers a signature, the FortiGate unit generates an alert and allows the packet through the firewall without further action. If logging is disabled and action is set to Pass, the signature is effectively disabled.
Drop
When a packet triggers a signature, the FortiGate unit generates an alert and drops the packet. The firewall session is not touched. Fortinet recommends using an action other than Drop for TCP connection based attacks.
Reset
When a packet triggers a signature, the FortiGate unit generates an alert and drops the packet. The FortiGate unit sends a reset to both the client and the server and drops the firewall session from the firewall session table. This is used for TCP connections only. If set for non-TCP connection based attacks, the action will behave as Clear Session. If the Reset action is triggered before the TCP connection is fully established, it acts as Clear Session.
Reset Client
When a packet triggers a signature, the FortiGate unit generates an alert and drops the packet. The FortiGate unit sends a reset to the client and drops the firewall session from the firewall session table. This is used for TCP connections only. If set for non-TCP connection based attacks, the action will behave as Clear Session. If the Reset Client action is triggered before the TCP connection is fully established, it acts as Clear Session.
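The action rules above can be checked mechanically when reviewing a set of anomaly settings. The following is an added example, not part of the Fortinet manual: the Anomaly record, its field names, the protocol assigned to each entry and the sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

RESET_ACTIONS = {"Reset", "Reset Client"}

@dataclass
class Anomaly:
    name: str
    enabled: bool
    logging: bool
    action: str    # "Pass", "Drop", "Reset" or "Reset Client", as listed above
    protocol: str  # assumption: protocol the anomaly inspects ("tcp", "udp", ...)

def effective_action(a, tcp_established=True):
    """Reset and Reset Client act as Clear Session for non-TCP traffic or
    when triggered before the TCP connection is fully established."""
    if a.action in RESET_ACTIONS and (a.protocol != "tcp" or not tcp_established):
        return "Clear Session"
    return a.action

def audit(anomalies):
    """Return (name, finding) pairs for settings the manual cautions about."""
    findings = []
    for a in anomalies:
        if not a.enabled:
            findings.append((a.name, "anomaly disabled"))
            continue
        if a.action == "Pass" and not a.logging:
            findings.append((a.name, "Pass with logging off: effectively disabled"))
        if a.action == "Drop" and a.protocol == "tcp":
            findings.append((a.name, "Drop on TCP: firewall session is not touched"))
        if effective_action(a) != a.action:
            findings.append((a.name, f"{a.action} behaves as Clear Session"))
    return findings

# Constructed sample settings (not taken from a real unit).
SAMPLE = [
    Anomaly("syn_fin", True, False, "Pass", "tcp"),
    Anomaly("portscan", True, True, "Drop", "tcp"),
    Anomaly("example_udp_anomaly", True, True, "Reset", "udp"),
    Anomaly("example_tcp_anomaly", True, True, "Reset Client", "tcp"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```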
01-28011-0254-20051115
IPS
Fortinet Inc.