Configuring ips logging and alert email, Default fail open setting – Fortinet 100A User Manual
Page 288
288
01-28007-0068-20041203
Fortinet Inc.
Anomaly CLI configuration
IPS
Configuring IPS logging and alert email
Whenever the IPS detects or prevents an attack, it generates an attack message. You
can configure the FortiGate unit to add the message to the attack log and to send an
alert email to administrators. You can configure how often the FortiGate unit sends
alert email. You can also reduce the number of log messages and alerts by disabling
signatures for attacks that your system is not vulnerable to (for example, web attacks
when you are not running a web server). For more information on FortiGate logging
and alert email, see
Default fail open setting
If for any reason the IPS should cease to function, it will fail open by default. This
means that crucial network traffic will not be blocked and the Firewall will continue to
operate while the problem is resolved.
You can change the default fail open setting using the CLI:
config sys global
set ips-open [enable | disable]
end
Enable ips_open to cause the IPS to fail open and disable ips_open to cause the
IPS to fail closed.