Upgrading The Ips Protocol Decoder List; Ips Sensors; Viewing The Ips Sensor List - Fortinet FortiGate Series Administration Manual
Hide thumbs
Also See for FortiGate Series:
- Administration manual (60 pages) ,
- Install manual (51 pages) ,
- Quick start manual (14 pages)
Table of Contents
Advertisement
Intrusion Protection
Upgrading the IPS protocol decoder list
IPS sensors
Viewing the IPS sensor list
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
•
Feedback
The Intrusion Protection system protocol decoders are upgraded automatically through
the FortiGuard Distribution Network (FDN) if existing decoders are modified or new
decoders added. The FDN keeps the protocol decoder list up-to-date with protection
against new threats such as the latest versions of existing IM/P2P as well as against new
applications.
You can group signatures into IPS sensors for easy selection in protection profiles. You
can define signatures for specific types of traffic in separate IPS sensors, and then select
those sensors in profiles designed to handle that type of traffic. For example, you can
specify all of the web-server related signatures in an IPS sensor, and the sensor can then
be used by a protection profile in a policy that controls all of the traffic to and from a web
server protected by the FortiGate unit.
The FortiGuard Service periodically updates the pre-defined signatures, with signatures
added to counter new threats. Because the signatures included in filters are defined by
specifying signature attributes, new signatures matching existing filter specifications will
automatically be included in those filters. For example, if you have a filter that includes all
signatures for the Windows operating system, your filter will automatically incorporate new
Windows signatures as they are added.
To view the IPS sensors, go to UTM > Intrusion Protection > IPS Sensor.
Figure 318: IPS Sensor list showing the default sensors
Create New
Name
Comments
Delete and Edit icons
Five default IPS sensors are provided with the default configuration.
all_default
all_default_pass
protect_client
Add a new IPS sensor. For more information, see
sensor" on page
538.
The name of each IPS sensor.
An optional description of the IPS sensor.
Delete or edit an IPS sensor.
Includes all signatures. The sensor is set to use the default enable
status and action of each signature.
Includes all signatures. The sensor is set to use the default enable
status of each signature, but the action is set to pass.
Includes only the signatures designed to detect attacks against clients;
uses the default enable status and action of each signature.
IPS sensors
Edit
Delete
"Adding an IPS
537
Advertisement
Table of Contents
