Using one-arm sniffer policies to detect network attacks Firewall Policy
FortiGate Version 4.0 MR1 Administration Guide
406 01-410-89802-20090903
http://docs.fortinet.com/
Configuring DoS policies
A DoS policy specifies an interface, a source address, a destination address, and a service.
A packet must match all four attributes before the policy is triggered and its DoS sensor is
applied; a narrower source or destination object silently excludes everything outside it.
DoS policies can also be added from the CLI with the config firewall interface-policy
command, which additionally lets you attach an IPS sensor or an Application Control black/white
list to the policy. For the full syntax, see the FortiGate CLI Reference.
Use the config firewall interface-policy6 command to add IPv6 sniffer policies. For
more information about FortiGate IPv6 support, see “FortiGate IPv6 support” on page 289.
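The following is an added example, not taken from the guide, of a DoS policy built with the CLI command described above in FortiOS 4.0 CLI syntax. It monitors port1 for HTTP traffic sent to a hypothetical address object web_servers and applies a hypothetical DoS sensor dos_web plus an IPS sensor protect_web. The interface, address, service and sensor names are assumptions, and the option keywords are quoted from memory of the 4.0 CLI and should be checked against the CLI Reference for your build.

```fortios
# Added example (not from the guide): a DoS policy created with
# config firewall interface-policy. The names port1, web_servers,
# dos_web and protect_web are assumed; the address object and both
# sensors must exist before the policy references them.
config firewall address
    edit "web_servers"
        set subnet 192.0.2.0 255.255.255.0
    next
end

config firewall interface-policy
    edit 1
        # interface to monitor (all four match attributes must be met)
        set interface "port1"
        # source address or address group; "all" matches any source
        set srcaddr "all"
        # destination address: only traffic to the web servers is examined
        set dstaddr "web_servers"
        # pre-defined or custom service; a non-matching port is ignored
        set service "HTTP"
        # apply the DoS sensor to matching traffic
        set ips-DoS-status enable
        set ips-DoS "dos_web"
        # optionally apply an IPS sensor to the same traffic
        set ips-sensor-status enable
        set ips-sensor "protect_web"
    next
end
```

After committing, show firewall interface-policy displays the policy. Because the interface, source, destination and service must all match, a policy that is meant to cover a whole segment should keep the source at all and narrow only the destination and service; otherwise traffic from hosts outside the source object is never inspected by the sensor.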
Figure 217: Editing a DoS policy
Using one-arm sniffer policies to detect network attacks
Using sniffer policies you can configure a FortiGate unit interface to operate as a one-arm
intrusion detection system (IDS) appliance. The interface only inspects the packets it sees for
attacks; it does not receive, forward, or otherwise process them. Because nothing is forwarded,
a sniffer policy can detect and log an attack but cannot block it.
Insert Policy Before icon: Add a new policy above the corresponding policy (the New Policy screen appears).
Move To icon: Move the corresponding policy before or after another policy in the list.
Source Interface/Zone: The interface or zone to be monitored.
Source Address: Select an address, address range, or address group to limit traffic monitoring to network traffic sent from the specified address or range. Select Multiple to include multiple addresses or ranges. You can also select Create New to add a new address or address group.
Destination Address: Select an address, address range, or address group to limit traffic monitoring to network traffic sent to the specified address or range. Select Multiple to include multiple addresses or ranges. You can also select Create New to add a new address or address group.
Service: Select a firewall pre-defined service or a custom service to limit traffic monitoring to only the selected service or services. You can also select Create New to add a custom service.
DoS Sensor: Select a DoS sensor to have the FortiGate unit apply the sensor to matching network traffic. You can also select Create New to add a new DoS sensor. See “DoS sensors” on page 545.