228 Fortinet Inc.
Configuring synflood signature values Network Intrusion Detection System (NIDS)
Configuring synflood signature values
For synflood signatures, you can set the threshold, queue size, and keep alive values.
1 Go to NIDS > Prevention.
2 Select Modify for the synflood signature.
3 Type the Threshold value.
4 Type the Queue Size.
5 Type the Timeout value.
6 Select the Enable check box.
Alternatively, select the synflood Enable check box in the Prevention signature list.
7 Select OK.
Logging attacks
Whenever the NIDS detects or prevents an attack, it generates an attack message.
You can configure the system to add the message to the attack log.
• Logging attack messages to the attack log
• Reducing the number of NIDS attack log and email messages
Logging attack messages to the attack log
Use the following procedure to log attack messages to the attack log.
1 Go to Log&Report > Log Setting.
2 Select Config Policy for the log locations you have set.
3 Select Attack Log.
4 Select Attack Detection and Attack Prevention.
5 Select OK.
Value Description Minimum
value
Maximum
value
Default
value
Threshold Number of SYN requests sent to a
destination host or server per second. If the
SYN requests are being sent to all ports on
the destination, as opposed to just one port,
the threshold quadruples (4 x).
30 3000 200
Queue Size Maximum number of proxied connections
that the FortiGate unit handles. The
FortiGate unit discards additional proxy
requests.
10 10240 1024
Timeout Number of seconds for the SYN cookie to
keep a proxied connection alive. This value
limits the size of the proxy connection table.
36015
Note: For information about log message content and formats, and about log locations, see the
Logging Configuration and Reference Guide.