FortiGate Firewall HOW-TO - IPS & DOS protection

In this lesson, we will show you how to enable the #IPS features and enable #DOS policy onto the #FortiGate #firewall. Stay with us!

Published in: Technology

  1. FORTIGATE FIREWALL HOW TO: IPS AND DOS PROTECTION www.ipmax.it
  2. INTRODUCTION In an enterprise environment it is usual to have one or more public servers offering web services and more. These servers are placed internally in DMZs (discussed in a previous post), but DMZs alone don’t provide all the security features needed to keep servers protected from external attacks. Attacks on these servers usually exploit known software vulnerabilities and use common tricks, so a system able to detect and block them can be a valid countermeasure. A system that can monitor and detect network attacks is called an Intrusion Detection System (IDS); a system able to block them is called an Intrusion Prevention System (IPS). In the following slides we will show you how to enable the IPS features on the FortiGate firewall.
  3. CONFIGURING IPS Like other UTM functionalities, IPS is based on Security Profiles and sensors. Go to Security Profiles > Intrusion Protection > IPS Sensors and click the plus icon in the upper right corner of the window to create a new sensor. Give it a name and click the OK button. Now we have to create a new IPS filter, choosing which vulnerabilities to monitor and block. Because we are protecting a server, we can restrict the list of recognized vulnerabilities using the Target and OS check boxes. See the next slide for a picture of the IPS filter configuration.
  4. CONFIGURING IPS - CONTINUED Because we aim to block attacks instead of only monitoring them, we must select “Block All” at the end of the page. As seen in the previous post, every security profile needs to be applied in a security policy. Go to Policy > Policy > Policy and edit the policy that permits the DMZ to be reached from the Internet, then add the IPS security profile just created.
  5. CONFIGURING DOS PROTECTION DOS attacks tend to overwhelm server resources with a huge number of connections. To avoid this kind of attack a DOS policy is required. Before creating the DOS policy, make sure your FortiGate Firewall has the Vulnerability Scan feature enabled. To enable it go to System > Config > Feature and click the ON button. Then go to Policy > Policy > DoS Policy and create a new policy with your Internet-facing port as the incoming interface; then set source IP, destination IP and service to “All” in order to intercept any attack on that port. Finally, in the Anomaly List you can set the attack types you want to detect and block. Make sure to select the Block action.
  6. MORE NEEDS? See hints on www.ipmax.it or email us your questions at info_ipmax@ipmax.it
  7. IPMAX IPMAX is a Fortinet Partner in Italy. IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX guarantees method and professionalism to support its customers in selecting technologies with the best quality / price ratio, and in design, installation, commissioning and operation. IPMAX srl Via Ponchielli, 4 20063 Cernusco sul Naviglio (MI) – Italy +39 02 9290 9171
