Fortinet 100A User Manual

Page 286


01-28007-0068-20041203

Fortinet Inc.

Custom

IPS

To configure the settings of an anomaly

1. Go to IPS > Anomaly.
2. Select the Edit icon for the signature you want to configure.
3. Select the Enable box to enable the anomaly or clear the Enable box to disable the anomaly.
4. Select the Logging box to enable logging for this anomaly or clear the Logging box to disable logging for this anomaly.
5. Select an action for the FortiGate unit to take when traffic triggers this anomaly.
6. Enter a new threshold value if required.
7. Select OK.

To restore the default settings of an anomaly

1. Go to IPS > Anomaly.
2. Select the Reset icon for the anomaly you want to restore to defaults.
   The Reset icon is displayed only if the settings for the anomaly have been changed from defaults.
3. Select OK.

Reset
The FortiGate unit drops the packet that triggered the anomaly, sends a reset to both the client and the server, and removes the session from the FortiGate session table. Used for TCP connections only. If you set this action for non-TCP connection based attacks, the action will behave as Clear Session. If the Reset action is triggered before the TCP connection is fully established it acts as Clear Session.

Reset Client
The FortiGate unit drops the packet that triggered the anomaly, sends a reset to the client, and removes the session from the FortiGate session table. Used for TCP connections only. If you set this action for non-TCP connection based attacks, the action will behave as Clear Session. If the Reset Client action is triggered before the TCP connection is fully established it acts as Clear Session.

Reset Server
The FortiGate unit drops the packet that triggered the anomaly, sends a reset to the server, and removes the session from the FortiGate session table. Used for TCP connections only. If you set this action for non-TCP connection based attacks, the action will behave as Clear Session. If the Reset Server action is triggered before the TCP connection is fully established it acts as Clear Session.

Drop Session
The FortiGate unit drops the packet that triggered the anomaly and drops any other packets in the same session.

Clear Session
The FortiGate unit drops the packet that triggered the anomaly, removes the session from the FortiGate session table, and does not send a reset.

Pass Session
The FortiGate unit lets the packet that triggered the anomaly and all other packets in the session pass through the firewall.

threshold
Traffic over the specified threshold triggers the anomaly.
