Understanding The Anomalies - Fortinet FortiGate Series Administration Manual

Intrusion Protection

Understanding the anomalies

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
Figure 326: Edit DoS Sensor
DoS sensor attributes:

Name: Enter or change the DoS sensor name.

Comments: Enter or change an optional description of the DoS sensor. This description will appear in the DoS sensor list.

Anomalies Configuration:

Name: The name of the anomaly.

Enable: Select the check box to enable the DoS sensor to detect when the specified anomaly occurs. Selecting the check box in the header row will enable sensing of all anomalies.

Logging: Select the check box to enable the DoS sensor to log when the anomaly occurs. Selecting the check box in the header row will enable logging for all anomalies. Anomalies that are not enabled are not logged.

Action: Select Pass to allow anomalous traffic to pass when the FortiGate unit detects it, or set Block to prevent the traffic from passing.

Threshold: Displays the number of sessions/packets that must show the anomalous behavior before the FortiGate unit triggers the anomaly action (pass or block). If required, change the number. For more information about how these settings affect specific anomalies, see Table 49 on page 548.

For each of the TCP, UDP, and ICMP protocols, DoS sensors offer four statistical anomaly types. The result is twelve configurable anomalies.