304
01-28006-0010-20041105
Fortinet Inc.
Signature
IPS
Custom
You can create custom IPS signatures. The custom signatures you create are added
to a single Custom signature group.
Custom signatures provide the power and flexibility to customize the FortiGate IPS for
diverse network environments. The FortiGate predefined signatures cover common
attacks. If you are using an unusual or specialized application or an uncommon
platform, you can add custom signatures based on the security alerts released by the
application and platform vendors.
You can also use custom signatures to block or allow specific traffic. For example to
block traffic containing pornography, you can add custom signatures similar to the
following:
F-SBID (--protocol tcp; --flow established; --content "nude cheerleader"; --no_case)
When you add the signature set action to Drop Session.
For more information on custom signature syntax see the
FortiGate IPS Custom
Signatures Technical Bulletin
.
Custom signature list
Figure 146:The custom signature group
idle_timeout
If a session is idle for longer than this number of seconds, the session will
not be maintained by tcp_reassembler.
min_ttl
A packet with a higher ttl number in its IP header than the number specified
here is not processed by tcp_reassembler.
port_list
A comma separated list of ports. The dissector can decode these TCP ports.
bad_flag_list
A comma separated list of bad TCP flags.
reassembly_
direction
Valid settings are from-server, from-client, or both.
codepoint
A number from 0 to 63. Used for differentiated services tagging. When the
action for p2p and im signatures is set to Pass, the FortiGate unit checks the
codepoint. If the codepoint is set to a number from 1 to 63, the codepoint for
the session is changed to the specified value. If the codepoint is set to -1
(the default) no change is made to the codepoint in the IP header.
Note:
Custom signatures are an advanced feature. This document assumes the user has
previous experience creating intrusion detection signatures.
Enable custom
signature
Select the Enable custom signature box to enable the custom signature
group or clear the Enable custom signature box to disable the custom
signature group.
Create New
Select Create New to create a new custom signature.
Summary of Contents for FortiGate 3000
Page 18: ...Contents 18 01 28006 0010 20041105 Fortinet Inc ...
Page 52: ...52 01 28006 0010 20041105 Fortinet Inc Changing the FortiGate firmware System status ...
Page 78: ...78 01 28006 0010 20041105 Fortinet Inc FortiGate IPv6 support System network ...
Page 86: ...86 01 28006 0010 20041105 Fortinet Inc Dynamic IP System DHCP ...
Page 116: ...116 01 28006 0010 20041105 Fortinet Inc FortiManager System config ...
Page 122: ...122 01 28006 0010 20041105 Fortinet Inc Access profiles System administration ...
Page 252: ...252 01 28006 0010 20041105 Fortinet Inc CLI configuration Users and authentication ...
Page 390: ...390 01 28006 0010 20041105 Fortinet Inc Glossary ...
Page 398: ...398 01 28006 0010 20041105 Fortinet Inc Index ...