Configuring Dos Policies; Using One-Arm Sniffer Policies To Detect Network Attacks - Fortinet FortiGate Series Administration Manual

Configuring DoS policies
Insert Policy Before icon: Add a new policy above the corresponding policy (the New Policy
screen appears).
Move To icon: Move the corresponding policy before or after another policy in the list.

The DoS policy configuration allows you to specify the interface, a source address, a
destination address, and a service. All of the specified attributes must match network
traffic to trigger the policy.

You can also use the config firewall interface-policy CLI command to add
DoS policies from the CLI. You can also use this CLI command to add an IPS sensor or an
Application Control black/white list to a DoS policy. For more information, see the
FortiGate CLI Reference.

You can use the config firewall interface-policy6 command to add IPv6
sniffer policies. For more information about FortiGate IPv6 support, see "FortiGate IPv6
support" on page 289.

Figure 217: Editing a DoS policy

Source Interface/Zone: The interface or zone to be monitored.
Source Address: Select an address, address range, or address group to limit traffic
monitoring to network traffic sent from the specified address or range.
Select Multiple to include multiple addresses or ranges. You can also
select Create New to add a new address or address group.
Destination Address: Select an address, address range, or address group to limit traffic
monitoring to network traffic sent to the specified address or range.
Select Multiple to include multiple addresses or ranges. You can also
select Create New to add a new address or address group.
Service: Select a firewall pre-defined service or a custom service to limit traffic
monitoring to only the selected service or services. You can also
select Create new to add a custom service.
DoS Sensor: Select and specify a DoS sensor to have the FortiGate unit apply the
sensor to matching network traffic. You can also select Create new to
add a new DoS Sensor. See "DoS sensors" on page 545.

Using one-arm sniffer policies to detect network attacks

Using sniffer policies you can configure a FortiGate unit interface to operate as a one-arm
intrusion detection system (IDS) appliance by sniffing packets for attacks without actually
receiving and otherwise processing the packets.

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
Firewall Policy
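
The DoS policy fields described under Configuring DoS policies (interface, source address, destination address, service, DoS sensor) can be set with the config firewall interface-policy command the guide names. The fragment below is an added illustration, not taken from the Administration Guide. It assumes the FortiOS 4.0 option names shown, which should be confirmed against the FortiGate CLI Reference for the firmware build in use; the policy ID, interface, address, service and sensor names are placeholders, and the # lines are annotations for the reader.

```text
# Constructed example: all names and the policy ID are placeholders.
config firewall interface-policy
    edit 1
        # Interface to be monitored (Source Interface/Zone)
        set interface "port1"
        # Source and destination address objects
        set srcaddr "all"
        set dstaddr "example_web_servers"
        # Pre-defined or custom service
        set service "HTTP"
        # Apply a DoS sensor to matching traffic
        set ips-DoS-status enable
        set ips-DoS "example_dos_sensor"
        # Optionally attach an IPS sensor to the same policy
        set ips-sensor-status enable
        set ips-sensor "example_ips_sensor"
    next
end
```

Because all of the specified attributes must match for the policy to trigger, traffic on the same interface to other destinations or services is not inspected by this policy; widen the match or add further policies to cover it.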