Ips Cli Configuration - Fortinet FortiGate FortiGate-1000A Administration Manual
Fortinet fortigate fortigate-1000a: user guide
Hide thumbs
Also See for FortiGate FortiGate-1000A:
- Install manual (58 pages) ,
- Quick start manual (2 pages) ,
- Administration manual (458 pages)
Table of Contents
Advertisement
IPS
IPS CLI configuration
FortiGate-1000A/FA2 Administration Guide
Reset
Server
Drop
Session
Clear
Session
Pass
Session
threshold
To configure the settings of an anomaly
1
Go to IPS > Anomaly.
2
Select the Edit icon for the signature you want to configure.
3
Select the Enable box to enable the anomaly or clear the Enable box to disable the
anomaly.
4
Select the Logging box to enable logging for this anomaly or clear the Logging box to
disable logging for this anomaly.
5
Select an action for the FortiGate unit to take when traffic triggers this anomaly.
6
Enter a new threshold value if required.
7
Select OK.
To restore the default settings of an anomaly
1
Go to IPS > Anomaly.
2
Select the Reset icon for the anomaly you want to restore to defaults.
The Reset icon is displayed only if the settings for the anomaly have been changed
from defaults.
3
Select OK.
Note: This guide only covers Command Line Interface (CLI) commands that are not
represented in the web-based manager. For complete descriptions and examples of how to use
CLI commands see the FortiGate CLI Reference Guide.
When a packet triggers a signature, the FortiGate unit generates an
alert and drops the packet. The FortiGate unit sends a reset to the
server and drops the firewall session from the firewall session table.
This is used for TCP connections only. If set for non-TCP connection
based attacks, the action will behave as Clear Session. If the Reset
Server action is triggered before the TCP connection is fully established,
it acts as Clear Session.
When a packet triggers a signature, the FortiGate unit generates an
alert and drops the packet. For the remainder of this packet's firewall
session, all follow-up packets are dropped.
When a packet triggers a signature, the FortiGate unit generates an
alert and the session to which the packet belongs is removed from the
session table immediately. No reset is sent.
For TCP, all follow-up packets could be dropped.
For UDP, all follow-up packets could trigger the firewall to create a new
session.
When a packet triggers a signature, the FortiGate unit generates an
alert and allows the packet through the firewall. For the remainder of this
packet's session, the IPS is bypassed by all follow-up packets.
Traffic over the specified threshold triggers the anomaly.
01-28011-0254-20051115
IPS CLI configuration
303
Advertisement
Table of Contents
