Fortinet Fortigate-5000 series Administration Manual page 352

Predefined signatures
Column Settings
Select to customize the signature information to display in the table. You
can also readjust the column order. By default, the signature ID, group
name, and revision number are not displayed.
Name
Name of the signature.
Enable
The status of the signature. A green circle indicates the signature is
enabled. A gray circle indicates the signature is not enabled.
Logging
The logging status of the signature. By default, logging is enabled for all
signatures. If logging is enabled, the action appears in the status field of
the log message generated by the signature.
Action
The action set for the signature. Action can be Pass, Drop, Reset, Reset
Client, Reset Server, Drop Session, Clear Session, or Pass Session. If
logging is enabled, the action appears in the status field of the log
message generated by the signature. See Table 36 for descriptions of
the actions.
Severity
The severity level set for the signature. Severity level can be set to
Information, Low, Medium, High, or Critical.
Protocols
The protocol the signature applies to.
OS
The operating system the signature applies to.
Applications
The applications the signature applies to.
ID
The signature's unique ID.
Group
The name of the signature group that the signature belongs to.
Revision
The revision number of the signature.
Configure icon
Configure settings for the signature.
Reset icon
Reset only appears when the default settings for a signature have been
modified. Selecting Reset for a signature restores the default settings.
Table 36 describes each possible action to take for predefined signatures,
custom signatures and anomalies.
Table 36: Actions to select for each predefined signature
Action
Description
Pass
When a packet triggers a signature, the FortiGate unit generates an
alert and allows the packet through the firewall without further action.
If logging is disabled and action is set to Pass, the signature is
effectively disabled.
Drop
When a packet triggers a signature, the FortiGate unit generates an
alert and drops the packet. The firewall session is not touched.
Fortinet recommends using an action other than Drop for TCP
connection based attacks.
Reset
When a packet triggers a signature, the FortiGate unit generates an
alert and drops the packet. The FortiGate unit sends a reset to both
the client and the server and drops the firewall session from the
firewall session table.
This is used for TCP connections only. If set for non-TCP connection
based attacks, the action will behave as Clear Session. If the Reset
action is triggered before the TCP connection is fully established, it
acts as Clear Session.
Reset Client
When a packet triggers a signature, the FortiGate unit generates an
alert and drops the packet. The FortiGate unit sends a reset to the
client and drops the firewall session from the firewall session table.
This is used for TCP connections only. If set for non-TCP connection
based attacks, the action will behave as Clear Session. If the Reset
Client action is triggered before the TCP connection is fully
established, it acts as Clear Session.
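
The notes in Table 36 give three conditions worth checking across a signature list: Pass with logging disabled, Drop on a TCP signature, and Reset or Reset Client on a non-TCP signature. The following Python audit is an added example, not part of the Fortinet manual; the CSV layout, column names, and signature names are constructed for illustration and are not a FortiGate export format.

```python
import csv
import io

# Constructed sample data. The columns (including "transport") are assumptions
# made for this example, not a format produced by the FortiGate unit.
SAMPLE = """name,enabled,logging,action,transport
sig.example.a,yes,no,Pass,TCP
sig.example.b,yes,yes,Drop,TCP
sig.example.c,yes,yes,Reset,UDP
sig.example.d,yes,yes,Reset Client,ICMP
sig.example.e,yes,yes,Reset,TCP
sig.example.f,no,no,Pass,TCP
"""

# Only the reset actions described on this page of the manual.
RESET_ACTIONS = {"Reset", "Reset Client"}


def audit(rows):
    """Return (name, finding) pairs based on the notes in Table 36."""
    findings = []
    for row in rows:
        name = row["name"].strip()
        action = row["action"].strip()
        transport = row["transport"].strip().upper()
        enabled = row["enabled"].strip().lower() == "yes"
        logging = row["logging"].strip().lower() == "yes"
        if not enabled:
            continue  # a signature that is not enabled has no action to assess
        if action == "Pass" and not logging:
            findings.append((name, "Pass with logging off: effectively disabled"))
        elif action == "Drop" and transport == "TCP":
            findings.append((name, "Drop on TCP: session not touched, another action is recommended"))
        elif action in RESET_ACTIONS and transport != "TCP":
            findings.append((name, f"{action} on non-TCP: behaves as Clear Session"))
    return findings


def audit_csv(text):
    """Parse CSV text with the assumed header row and audit every signature."""
    return audit(csv.DictReader(io.StringIO(text)))


if __name__ == "__main__":
    for name, finding in audit_csv(SAMPLE):
        print(f"{name}: {finding}")
```

The case where a Reset action fires before the TCP connection is fully established depends on runtime state and cannot be detected from configuration alone, so the audit does not cover it.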
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102
Intrusion Protection