Protection profile configuration, Ips updates and information – Fortinet 100A User Manual

FortiGate-100A Administration Guide Version 2.80 MR7

FortiGate-100A Administration Guide

01-28007-0068-20041203

277

IPS

The FortiGate Intrusion Prevention System (IPS) combines signature- and anomaly-
based intrusion detection and prevention with low latency and excellent reliability. The
FortiGate unit can record suspicious traffic in logs, can send alert email to system
administrators, and can log, pass, drop, reset, or clear suspicious packets or
sessions. You can adjust some IPS anomaly thresholds to work best with the normal
traffic on the protected networks. You can also create custom signatures to customize
the FortiGate IPS for diverse network environments.

You can configure the IPS globally and then enable or disable all signatures or all
anomalies in individual firewall protection profiles.

Table 23

describes the IPS settings

and where to configure and access them. To access protection profile IPS options go
to Firewall > Protection Profile, select edit or Create New, and select IPS. See

“Protection profile options” on page 223

.

Protection profile configuration

For information about adding protection profiles to firewall policies, see

“To add a

protection profile to a policy” on page 229

.

IPS updates and information

FortiProtect services are a valuable customer resource and include automatic updates
of virus and IPS (attack) engines and definitions through the FortiProtect Distribution
Network (FDN). The FortiProtect Center also provides the FortiProtect virus and
attack encyclopedia and the FortiProtect Bulletin.

Visit the FortiProtect Center at

http://www.fortinet.com/FortiProtectCenter/

.

To set up automatic and push updates see

“Update center” on page 118

.

Table 23: IPS and Protection Profile IPS configuration

Protection Profile IPS options

IPS setting

IPS Signature

IPS > Signature

Enable or disable IPS signatures for all

network services.

View and configure a list of predefined

signatures.
Create custom signatures based on the

network requirements.

IPS Anomaly

IPS > Anomaly

Enable or disable IPS anomalies for all

network services.

View and configure a list of predefined

anomalies.