226 Fortinet Inc.
Enabling NIDS attack prevention signatures Network Intrusion Detection System (NIDS)
Enabling NIDS attack prevention signatures
The NIDS Prevention module contains signatures that are designed to protect your
network against attacks. Some signatures are enabled by default; others must be
enabled. For a complete list of NIDS Prevention signatures and descriptions, see the
FortiGate NIDS Guide.
1 Go to NIDS > Prevention.
2 Check the box in the Enable column beside each signature that you want to enable.
3 Select Check All to enable all signatures in the NIDS attack prevention signature
list.
4 Select Uncheck All to disable all signatures in the NIDS attack prevention
signature list.
5 Select Reset to Default Values to enable only the default NIDS attack prevention
signatures and return to the default threshold values.
Figure 36: Example NIDS attack prevention signature list entries
Setting signature threshold values
You can change the default threshold values for the NIDS Prevention signatures listed
in Table 6. The threshold depends on the type of attack. For flooding attacks, the
threshold is the maximum number of packets received per second. For overflow
attacks, the threshold is the buffer size for the command. For large ICMP attacks, the
threshold is the ICMP packet size limit to pass through.