Firewall Policy Using one-arm sniffer policies to detect network attacks
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 409
http://docs.fortinet.com/ • Feedback
Configuring sniffer policies
Use the sniffer policy configuration to specify the interface, a source address, a
destination address, and a service. All of the specified attributes must match network
traffic to trigger the policy.
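The matching rule above, modelled in Python as an added example (not FortiGate code and not from this guide). It checks constructed flows against sniffer-style policies to show which traffic a narrow policy leaves unmonitored. The class names, policy names, port names and addresses are all hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:                 # hypothetical model of a firewall service
    proto: str                 # "tcp" or "udp"
    low: int                   # destination port range, inclusive
    high: int

@dataclass(frozen=True)
class SnifferPolicy:           # hypothetical model; fields follow the page
    name: str
    interface: str
    src: tuple                 # one or more networks ("Multiple")
    dst: tuple
    services: tuple

    def matches(self, flow):
        """True only if interface, source, destination AND service all match."""
        return (flow["iface"] == self.interface
                and _in_any(flow["src"], self.src)
                and _in_any(flow["dst"], self.dst)
                and any(s.proto == flow["proto"] and s.low <= flow["dport"] <= s.high
                        for s in self.services))

def _in_any(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in networks)

def coverage(policies, flows):
    """Map each flow index to the names of the policies that would inspect it."""
    return {i: [p.name for p in policies if p.matches(f)] for i, f in enumerate(flows)}

# Constructed sample data: documentation/private address ranges, made-up names.
HTTP = Service("tcp", 80, 80)
DNS = Service("udp", 53, 53)
POLICIES = [
    SnifferPolicy("web-dmz", "port3", ("0.0.0.0/0",), ("192.0.2.0/24",), (HTTP,)),
    SnifferPolicy("dns-int", "port3", ("10.0.0.0/8",), ("0.0.0.0/0",), (DNS,)),
]
FLOWS = [
    {"iface": "port3", "src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 80},
    {"iface": "port3", "src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 22},
    {"iface": "port3", "src": "10.1.2.3", "dst": "203.0.113.53", "proto": "udp", "dport": 53},
    {"iface": "port1", "src": "10.1.2.3", "dst": "203.0.113.53", "proto": "udp", "dport": 53},
]

if __name__ == "__main__":
    for idx, names in coverage(POLICIES, FLOWS).items():
        print(idx, names or "not monitored")
```

Flows 1 and 3 differ from a monitored flow in a single attribute (service and interface respectively) and match no policy, so no sensor is applied to them.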
You can also use the config firewall sniff-interface-policy CLI command
to add sniffer policies from the CLI. For more information, see the FortiGate CLI
Reference.
You can use the config firewall sniff-interface-policy6 command to add
IPv6 sniffer policies. For more information about FortiGate IPv6 support, see “FortiGate
IPv6 support” on page 289.
Figure 220: Editing a sniffer policy
Application Black/White List: The Application Black/White List selected in this policy.
Delete icon: Delete the policy from the list.
Edit icon: Edit the policy.
Insert Policy Before icon: Add a new policy above the corresponding policy (the New Policy screen appears).
Move To icon: Move the corresponding policy before or after another policy in the list.

Source Interface/Zone: The interface or zone to be monitored.
Source Address: Select an address, address range, or address group to limit traffic monitoring to network traffic sent from the specified address or range. Select Multiple to include multiple addresses or ranges. You can also select Create New to add a new address or address group.
Destination Address: Select an address, address range, or address group to limit traffic monitoring to network traffic sent to the specified address or range. Select Multiple to include multiple addresses or ranges. You can also select Create New to add a new address or address group.
Service: Select a firewall pre-defined service or a custom service to limit traffic monitoring to only the selected service or services. You can also select Create New to add a custom service.
DoS Sensor: Select and specify a DoS sensor to have the FortiGate unit apply the sensor to matching network traffic. You can also select Create New to add a new DoS Sensor. See “DoS sensors” on page 545.