Table of Contents
Advertisement
Preventing attacks
Enabling NIDS attack prevention signatures
Setting signature threshold values
198
The NIDS Prevention module contains signatures that are designed to protect your
network against attacks. Some signatures are enabled by default; others must be
enabled. For a complete list of NIDS Prevention signatures and descriptions, see the
FortiGate NIDS Guide.
1
Go to NIDS > Prevention.
2
Check the box in the Enable column beside each signature that you want to enable.
3
Select Check All
list.
4
Select Uncheck All
signature list.
5
Select Reset to Default Values
signatures and return to the default threshold values.
Figure 36: Example NIDS attack prevention signature list entries
You can change the default threshold values for the NIDS Prevention signatures listed
in
Table
6. The threshold depends on the type of attack. For flooding attacks, the
threshold is the maximum number of packets received per second. For overflow
attacks, the threshold is the buffer size for the command. For large ICMP attacks, the
threshold is the ICMP packet size limit to pass through.
to enable all signatures in the NIDS attack prevention signature
to disable all signatures in the NIDS attack prevention
to enable only the default NIDS attack prevention
Network Intrusion Detection System (NIDS)
Fortinet Inc.
Advertisement
Table of Contents
