Anomaly Cli Configuration; Config Limit - Fortinet FortiGate FortiGate-60 Administration Manual

IPS

Anomaly CLI configuration

FortiGate-60 Administration Guide
Note: This guide only covers Command Line Interface (CLI) commands that are not
represented in the web-based manager. For complete descriptions and examples of how to use
CLI commands see the FortiGate CLI Reference Guide.
(config ips anomaly) config limit
Note: This command has more keywords than are listed in this Guide. See the FortiGate CLI
Reference Guide for a complete list of commands and keywords.
Access the config limit subcommand using the config ips anomaly
<name_str> command. Use this command for session control based on source and
destination network address. This command is available for tcp_src_session,
tcp_dst_session, icmp_src_session, icmp_dst_session,
udp_src_session, udp_dst_session.
You cannot edit the default entry. Addresses are matched from more specific to
more general. For example, if you define thresholds for 192.168.100.0/24 and
192.168.0.0/16, the address with the 24 bit netmask will be matched first.
Command syntax pattern

config limit

edit <name_str>
set <keyword> <variable>
end
config limit
edit <name_str>
unset <keyword>
end
config limit
delete <name_str>
limit command keywords and variables
Keywords and variables
ipaddress
<address_ipv4mask>
threshold
<threshold_integer>
Example
Use the following command to configure the limit for the tcp_src_session
anomaly.
config ips anomaly tcp_src_session
config limit
end
01-28006-0002-20041105
Description
The ip address and netmask of the
source or destination network.
Set the threshold that triggers this
anomaly.
edit subnet1
set ipaddress 1.1.1.0 255.255.255.0
set threshold 300
end
Anomaly
Default Availability
No All models.
default.
No All models.
default.
301