I configured the IPS and DoS on our FortiGate E series to protect against TCP & UDP scans, floods and ICMP sweeps. These include blocking source IPs and quarantining them. I got it to the point where it is giving satisfying results. The purpose was to protect the network from enumeration attacks.
The problem is with the reporting. The IPS reports always show all Critical, leaving the scans at the top of the list.
Nowadays scans are everywhere; bots are automatically scanning subnets and running attacks. I don't care about them as they are getting blocked and quarantined, but they look bad on a report and do not allow the real Critical threats to be highlighted.
I wanted to find a way to change the severity of such signatures or DoS anomaly sensors, but all DoS profiles are marked as Critical. I contacted support and they confirmed that the severity of IPS signatures and DoS profiles cannot be changed. Creating a custom signature is useless for this as we don't know every signature and they can't be cloned or edited.
Could the Fortinet developers add such a feature, to allow changing the severity of a signature, category or DoS profile?