Intrusion Protection IPS sensors
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 537
http://docs.fortinet.com/ • Feedback
Upgrading the IPS protocol decoder list
The Intrusion Protection system protocol decoders are upgraded automatically through
the FortiGuard Distribution Network (FDN) if existing decoders are modified or new
decoders added. The FDN keeps the protocol decoder list up-to-date with protection
against new threats such as the latest versions of existing IM/P2P as well as against new
applications.
IPS sensors
You can group signatures into IPS sensors for easy selection in protection profiles. You
can define signatures for specific types of traffic in separate IPS sensors, and then select
those sensors in profiles designed to handle that type of traffic. For example, you can
specify all of the web-server related signatures in an IPS sensor, and the sensor can then
be used by a protection profile in a policy that controls all of the traffic to and from a web
server protected by the FortiGate unit.
The FortiGuard Service periodically updates the pre-defined signatures, with signatures
added to counter new threats. Because the signatures included in filters are defined by
specifying signature attributes, new signatures matching existing filter specifications will
automatically be included in those filters. For example, if you have a filter that includes all
signatures for the Windows operating system, your filter will automatically incorporate new
Windows signatures as they are added.
Viewing the IPS sensor list
To view the IPS sensors, go to UTM > Intrusion Protection > IPS Sensor.
Figure 318: IPS Sensor list showing the default sensors
Five default IPS sensors are provided with the default configuration.
Create New Add a new IPS sensor. For more information, see “Adding an IPS
sensor” on page 538.
Name The name of each IPS sensor.
Comments An optional description of the IPS sensor.
Delete and Edit icons Delete or edit an IPS sensor.
all_default Includes all signatures. The sensor is set to use the default enable
status and action of each signature.
all_default_pass Includes all signatures. The sensor is set to use the default enable
status of each signature, but the action is set to pass.
protect_client Includes only the signatures designed to detect attacks against clients;
uses the default enable status and action of each signature.
To Next Page
Loading...
Need help?
General