Configuring System Settings - Fortinet FortiGate FortiGate-1000A Administration Manual

IPS CLI configuration

Configuring system settings

304
The following CLI commands that are relevant to the IPS have been added. the
command system autoupdate ips is new for MR10.
system autoupdate ips
When the IPS is updated, user-modifed settings are retained. If recommended IPS
signature settings have not been modified, and the updated settings are different,
signature settings will be set according to accept-recommended-settings.
Command syntax pattern
config sys autoupdate ips
set accept-recommended-settings {enable | disable}
end
Keywords and variables
accept-recommended-
settings
{enable | disable}
system global ips-open
If for any reason the IPS should cease to function, it will fail open by default. This
means crucial network traffic will not be blocked, and the Firewall will continue to
operate while the problem is resolved.
Command syntax pattern
config sys global
set ips-open {enable | disable}
end
Enable ips_open to cause the IPS to fail open, and disable ips_open to cause the
IPS to fail closed.
Keywords and variables
ips-open
{enable | disable}
system global ip_signature
Save system resources by restricting IPS processing to only those services allowed
by firewall policies.
Command syntax pattern
config sys global
set ip_signature {enable | disable}
end
01-28011-0254-20051115
Description
Enter enable to take new signature
settings from the new default settings.
Enter disable to retain modified
signature settings.
Description
If for any reason the IPS should cease
to function, it will fail open by default.
This means that crucial network traffic
will not be blocked and the Firewall will
continue to operate while the problem is
resolved.
IPS
Default
disable
Default
enable
Fortinet Inc.