Fortinet FortiGate FortiGate-60M Administration Manual page 288
Version 2.80 mr7 antivirus firewalls
Hide thumbs
Also See for FortiGate FortiGate-60M:
- Quick start manual (2 pages) ,
- Installation manual (64 pages)
Table of Contents
Advertisement
Anomaly
288
Reset
Reset
Client
Reset
Server
Drop
Session
Clear
Session
Pass
Session
threshold
To configure the settings of an anomaly
1
Go to IPS > Anomaly.
2
Select the Edit icon for the signature you want to configure.
3
Select the Enable box to enable the anomaly or clear the Enable box to disable the
anomaly.
4
Select the Logging box to enable logging for this anomaly or clear the Logging box to
disable logging for this anomaly.
5
Select an action for the FortiGate unit to take when traffic triggers this anomaly.
6
Enter a new threshold value if required.
7
Select OK.
To restore the default settings of an anomaly
1
Go to IPS > Anomaly.
2
Select the Reset icon for the anomaly you want to restore to defaults.
The Reset icon is displayed only if the settings for the anomaly have been changed
from defaults.
3
Select OK.
The FortiGate unit drops the packet that triggered the anomaly, sends a
reset to both the client and the server, and removes the session from
the FortiGate session table. Used for TCP connections only. If you set
this action for non-TCP connection based attacks, the action will behave
as Clear Session. If the Reset action is triggered before the TCP
connection is fully established it acts as Clear Session.
The FortiGate unit drops the packet that triggered the anomaly, sends a
reset to the client, and removes the session from the FortiGate session
table. Used for TCP connections only. If you set this action for non-TCP
connection based attacks, the action will behave as Clear Session. If the
Reset Client action is triggered before the TCP connection is fully
established it acts as Clear Session.
The FortiGate unit drops the packet that triggered the anomaly, sends a
reset to the server, and removes the session from the FortiGate session
table. Used for TCP connections only. If you set this action for non-TCP
connection based attacks, the action will behave as Clear Session. If the
Reset Server action is triggered before the TCP connection is fully
established it acts as Clear Session.
The FortiGate unit drops the packet that triggered the anomaly and
drops any other packets in the same session.
The FortiGate unit drops the packet that triggered the anomaly, removes
the session from the FortiGate session table, and does not send a reset.
The FortiGate unit lets the packet that triggered the anomaly and all
other packets in the session pass through the firewall.
Traffic over the specified threshold triggers the anomaly.
01-28007-0144-20041217
IPS
Fortinet Inc.
Advertisement
Table of Contents
