Custom, Custom signature list – Fortinet 100A User Manual

Page 282


01-28007-0068-20041203

Fortinet Inc.


Custom

You can create custom IPS signatures. The custom signatures you create are added
to a single Custom signature group.

Custom signatures provide the power and flexibility to customize the FortiGate IPS for
diverse network environments. The FortiGate predefined signatures cover common
attacks. If you are using an unusual or specialized application or an uncommon
platform, you can add custom signatures based on the security alerts released by the
application and platform vendors.

You can also use custom signatures to block or allow specific traffic. For example, to
block traffic containing pornography, you can add custom signatures similar to the
following:

F-SBID (--protocol tcp; --flow established; --content "nude cheerleader"; --no_case)

When you add the signature, set its action to Drop Session. Note that a signature built
on a literal --content string matches only that exact byte sequence (case-insensitively
when --no_case is present), so expect both misses against encoded or reworded content and
false positives on legitimate traffic that happens to contain the string.

For more information on custom signature syntax, see the FortiGate IPS Custom
Signatures Technical Bulletin.
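The signature above combines four F-SBID options. As an added example, not taken from the Fortinet manual or from FortiGate code, the Python model below parses those options out of the manual's signature string and applies them to constructed sample packets, so the effect of --protocol, --flow established, --content and --no_case (and the miss that occurs when the same words arrive URL-encoded) can be seen on concrete input. The Packet class, the semicolon-separated option parsing and the matching rules are simplifying assumptions for illustration, not FortiGate's actual decoder behaviour.

```python
"""Toy F-SBID option matcher.

Added illustration for this page; it is NOT FortiGate's IPS engine and models
only the four options used in the manual's example (--protocol, --flow,
--content, --no_case) with simplified, assumed semantics.
"""
import re
from dataclasses import dataclass


@dataclass
class Packet:
    """Minimal stand-in for a decoded packet (constructed for this example)."""
    protocol: str       # "tcp" or "udp"
    established: bool   # True once the TCP three-way handshake has completed
    payload: bytes


def parse_fsbid(sig: str) -> dict:
    """Split 'F-SBID( --opt value; --flag; ... )' into {option: value | True}.

    Assumption: options are ';'-separated and option values never contain ';'.
    """
    m = re.fullmatch(r"\s*F-SBID\s*\((.*)\)\s*", sig, re.S)
    if not m:
        raise ValueError("not an F-SBID signature")
    opts = {}
    for part in m.group(1).split(";"):
        part = part.strip()
        if not part:
            continue
        if not part.startswith("--"):
            raise ValueError(f"malformed option: {part!r}")
        name, _, value = part[2:].partition(" ")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]          # strip the quotes around --content
        opts[name] = value or True       # bare flags such as --no_case -> True
    return opts


def matches(opts: dict, pkt: Packet) -> bool:
    """Apply the parsed options to one packet; every option must hold."""
    if "protocol" in opts and opts["protocol"].lower() != pkt.protocol.lower():
        return False
    if opts.get("flow") == "established" and not pkt.established:
        return False
    content = opts.get("content")
    if content is not None:
        needle, hay = content.encode(), pkt.payload
        if opts.get("no_case"):          # --no_case: case-insensitive compare
            needle, hay = needle.lower(), hay.lower()
        if needle not in hay:
            return False
    return True


def evaluate(sig: str, packets: dict) -> dict:
    """Return {packet_name: matched} for one signature over sample packets."""
    opts = parse_fsbid(sig)
    return {name: matches(opts, pkt) for name, pkt in packets.items()}


# The signature from the manual, plus a variant without --no_case.
PAGE_SIGNATURE = 'F-SBID (--protocol tcp; --flow established; --content "nude cheerleader"; --no_case)'
CASE_SENSITIVE = 'F-SBID (--protocol tcp; --flow established; --content "nude cheerleader")'

# Constructed sample traffic for this example (not captured data).
SAMPLE_PACKETS = {
    "exact":           Packet("tcp", True,  b"Subject: nude cheerleader pics\r\n"),
    "mixed_case":      Packet("tcp", True,  b"Subject: NUDE Cheerleader pics\r\n"),
    "url_encoded":     Packet("tcp", True,  b"GET /?q=nude%20cheerleader HTTP/1.1\r\n"),
    "not_established": Packet("tcp", False, b"nude cheerleader"),
    "udp":             Packet("udp", True,  b"nude cheerleader"),
}

if __name__ == "__main__":
    for label, sig in (("--no_case", PAGE_SIGNATURE), ("case-sensitive", CASE_SENSITIVE)):
        print(label, evaluate(sig, SAMPLE_PACKETS))
```

Run it directly to print both signatures' verdicts. The mixed_case packet is caught only by the --no_case variant, the UDP and unestablished packets are skipped by --protocol and --flow, and the url_encoded packet is missed by both: a literal --content string is trivially bypassed by encoding, so treat such a signature as one of several variants rather than the only control.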

Custom signature list

Figure 147:The custom signature group

idle_timeout
    If a session is idle for longer than this number of seconds, the session is
    not maintained by tcp_reassembler.

min_ttl
    A packet with a higher ttl number in its IP header than the number specified
    here is not processed by tcp_reassembler.

port_list
    A comma-separated list of ports. The dissector can decode these TCP ports.

bad_flag_list
    A comma-separated list of bad TCP flags.

reassembly_direction
    Valid settings are from-server, from-client, or both.

codepoint
    A number from 0 to 63, used for differentiated services (DSCP) tagging. When
    the action for p2p and im signatures is set to Pass, the FortiGate unit checks
    the codepoint. If the codepoint is set to a number from 1 to 63, the codepoint
    for the session is changed to the specified value. If the codepoint is set to
    -1 (the default), no change is made to the codepoint in the IP header.

Note: Custom signatures are an advanced feature. This document assumes the user has
previous experience creating intrusion detection signatures.

Enable custom signature
    Select the Enable custom signature box to enable the custom signature group,
    or clear the Enable custom signature box to disable the custom signature group.

Create New
    Select Create New to create a new custom signature.
