Setting Signature Threshold Values - Fortinet FortiGate 50A Installation And Configuration Manual

Fortinet fortigate installation and configuration guide

Hide thumbs Also See for FortiGate 50A:

Installation manual (52 pages)

Installation manual (44 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

Table of Contents

Network Intrusion Detection System (NIDS)

Setting signature threshold values

FortiGate-50A Installation and Configuration Guide

You can change the default threshold values for the NIDS Prevention signatures listed

Table

20. The threshold depends on the type of attack. For flooding attacks, the

threshold is the maximum number of packets received per second. For overflow

attacks, the threshold is the buffer size for the command. For large ICMP attacks, the

threshold is the ICMP packet size limit to pass through.

For example, setting the icmpflood signature threshold to 500 allows 500 echo

requests from a source address, to which the system sends echo replies. The

FortiGate unit drops any requests over the threshold of 500.

If you enter a threshold value of 0 or a number out of the allowable range, the

FortiGate unit uses the default value.

Table 20: NIDS Prevention signatures with threshold values

Signature

Threshold value units

abbreviation

synflood

Threshold: Maximum number of SYN

segments received per second.

Queue Size: Maximum proxied

connections.

Timeout: Number of seconds for the

SYN cookie to keep a proxied

connection alive.

portscan

Maximum number of SYN segments

received per second

srcsession

Total number of TCP sessions initiated

from the same source

ftpovfl

Maximum buffer size for an FTP

command (bytes)

smtpovfl

Maximum buffer size for an SMTP

command (bytes)

pop3ovfl

Maximum buffer size for a POP3

command (bytes)

udpflood

Maximum number of UDP packets

received from the same source or sent

to the same destination per second

udpsrcsession

Total number of UDP sessions initiated

from the same source

icmpflood

Maximum number of ICMP packets

received from the same source or sent

to the same destination per second

icmpsrcsession

Total number of ICMP sessions

initiated from the same source

icmpsweep

Maximum number of ICMP packets

received from the same source per

second

icmplarge

Maximum ICMP packet size (bytes)

Preventing attacks

Default

Minimum

Maximum

threshold

value

2048

1000000

4096

100

1000000

3600

512

1000000

2048

1000000

256

1408

512

1408

512

1408

2048

1000000

2048

1000000

256

1000000

128

1000000

128

1000000

32000

64000

221

Table of Contents

Show Quick Links

Quick Links:
Connecting to the Web-Based Manager

Hide quick links:

Table of Contents

Setting Signature Threshold Values - Fortinet FortiGate 50A Installation And Configuration Manual

Setting signature threshold values

Hide quick links:

Related Manuals for Fortinet FortiGate 50A

Related Content for Fortinet FortiGate 50A

Table of Contents