Using Display Filters - Fortinet FortiGate Series Administration Manual

Signatures

Using display filters

534
Clear All Filters If you have applied filtering to the predefined signature list display, select this
option to clear all filters and display all the signatures.
Filter icons Edit the column filters to filter or sort the predefined signature list according to
the criteria you specify. For more information, see
manager lists" on page
Name The name of the signature. Each name is also a link to the description of the
signature in the
Severity The severity rating of the signature. The severity levels, from lowest to highest,
are Information, Low, Medium, High, and Critical.
Target The target of the signature: servers, clients, or both.
Protocols The protocol the signature applies to.
OS The operating system the signature applies to.
Applications The applications the signature applies to.
Enable The default status of the signature. A green circle indicates the signature is
enabled. A gray circle indicates the signature is not enabled.
Action The default action for the signature:
Pass — allows the traffic to continue without any modification.
Drop — prevents the traffic with detected signatures from reaching its
destination.
If Logging is enabled, the action appears in the status field of the log message
generated by the signature.
ID A unique numeric identifier for the signature.
Logging The default logging behavior of the signature. A green circle indicates logging is
enabled. A gray circle indicates logging is disabled.
Group A functional group that is assigned to that signature. This group is only for
reference and cannot be used to define filters.
Packet Log The default packet log status of the signature. A green circle indicates that the
packet log is enabled. A gray circle indicates that the packet log is not enabled.
Revision The revision level of the signature. If the signature is updated, the revision
number will be incremented.
Tip: To determine what effect IPS protection would have on your network traffic, you can
enable the required signatures, set the action to pass, and enable logging. Traffic will not be
interrupted, but you will be able to examine in detail which signatures were detected.
By default, all the predefined signatures are displayed. You can apply filters to display only
the signatures you want to view. For example, if you want to view only the Windows
signatures, you can use the OS status filter. For more information, see
web-based manager lists" on page
To apply filters to the predefined signature list
1 Go to UTM > Intrusion Protection > Predefined.
2 Select the filter icon beside any column name in the signature table.
3 In Edit Filters, specify the filtering criteria. The criteria will vary depending on the
column name.
4 Select the Enable check box.
5 Select OK.
99.
FortiGuard Center Vulnerability
99.
FortiGate Version 4.0 MR1 Administration Guide
Intrusion Protection
"Adding filters to web-based
Encyclopedia.
"Adding filters to
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback