FortiGate Firewall HOW-TO - IPS & DOS protection


Upload: ipmax-srl

Post on 31-Aug-2014


DESCRIPTION

In this lesson, we will show you how to enable the #IPS features and a #DOS policy on the #FortiGate #firewall. Stay with us!

TRANSCRIPT

Page 1: FortiGate Firewall HOW-TO - IPS & DOS protection

FORTIGATE FIREWALL HOW TO IPS AND DOS PROTECTION

www.ipmax.it

INTRODUCTION

In an enterprise environment it is usual to have one or more public servers offering web services and more. These servers are placed internally in DMZs (discussed in a previous post), but DMZs alone don't provide all the security features needed to keep servers protected from external attacks.

Attacks on these servers usually exploit known software vulnerabilities and use common tricks, so a system able to detect and block them can be a valid countermeasure to this kind of attack.

A system that can monitor and detect network attacks is called an Intrusion Detection System (IDS); a system able to block them is called an Intrusion Prevention System (IPS).

In the following slides we will show you how to enable the IPS features on the FortiGate firewall.

CONFIGURING IPS

Like other UTM functionalities, IPS is based on Security Profiles and sensors. Go to Security Profiles > Intrusion Protection > IPS Sensors and click the plus icon in the upper right corner of the window to create a new sensor.

Give it a name and click OK.

Now we have to create a new IPS filter, choosing which vulnerabilities to monitor and block. Because we are protecting a server, we can restrict the list of recognized vulnerabilities using the Target and OS check boxes.

See the next slide for a picture of the IPS filter configuration.

CONFIGURING IPS - CONTINUED

Because we aim to block attacks instead of only monitoring them, we must select “Block All” at the end of the page.

As seen in the previous post, every security profile needs to be applied in a security policy.

Go to Policy > Policy > Policy and edit the policy that permits the DMZ to be reached from the Internet, then add the IPS security profile you just created.

CONFIGURING DOS PROTECTION

DOS attacks tend to overwhelm server resources with a huge number of connections. To avoid this kind of attack a DOS policy is required.

Before creating the DOS policy, make sure your FortiGate Firewall has the Vulnerability Scan feature enabled. To enable it go to System > Config > Feature and click the ON button.

Finally, go to Policy > Policy > DoS Policy and create a new policy with your Internet-facing port as the incoming interface; then set source IP, destination IP and service to “All” in order to intercept any attack on that port.

In the Anomaly List you can then set the attack types you want to detect and block. Make sure to select the Block action.
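One way to check the result of both procedures (IPS sensor and DoS policy) offline, as an added example that is not part of the original slides: the script reads a FortiGate configuration backup and reports IPS sensor entries that do not block, accepted policies towards the DMZ with no IPS sensor attached, and DoS anomalies that are not enabled with the Block action. It assumes the FortiOS CLI key names used in the constructed sample (they can differ between firmware versions), an interface named "dmz", and single-line `set` values.

```python
# Constructed sample in FortiOS backup syntax; all names and IDs are made up.
SAMPLE = """config ips sensor
    edit "dmz-servers"
        config entries
            edit 1
                set action block
            next
        end
    next
end
config firewall policy
    edit 7
        set dstintf "dmz"
        set action accept
    next
end
config firewall DoS-policy
    edit 1
        config anomaly
            edit "tcp_syn_flood"
                set action block
            next
        end
    next
end"""

def parse(text):  # config/edit/set/next/end nesting -> nested dicts
    stack = [{}]
    for tok in (line.split() for line in text.splitlines()):
        if tok and tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]).strip('"'), {}))
        elif tok and tok[0] == "set" and len(tok) > 1:
            stack[-1][tok[1]] = " ".join(tok[2:]).strip('"')
        elif tok and tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def audit(text, dmz="dmz"):  # dmz: assumed name of the DMZ-facing interface
    cfg, out = parse(text), []
    for name, sensor in cfg.get("ips sensor", {}).items():
        out += [f"sensor {name} entry {i}: action is not block"
                for i, e in sensor.get("entries", {}).items() if e.get("action") != "block"]
    out += [f"policy {i}: no ips-sensor" for i, p in cfg.get("firewall policy", {}).items()
            if p.get("action") == "accept" and p.get("dstintf") == dmz and "ips-sensor" not in p]
    for i, pol in cfg.get("firewall DoS-policy", {}).items():  # needs status enable + action block
        out += [f"DoS-policy {i} {a}: not enabled with action block"
                for a, v in pol.get("anomaly", {}).items()
                if v.get("status") != "enable" or v.get("action") != "block"]
    return out
```

On the constructed sample, `audit(SAMPLE)` reports the policy without a sensor and the anomaly that has the Block action but was never enabled.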

MORE NEEDS?

See hints on www.ipmax.it
Or email us your questions to [email protected]

IPMAX

IPMAX is a Fortinet Partner in Italy. IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX guarantees method and professionalism to support its customers in selecting technologies with the best quality / price ratio, in the design, installation, commissioning and operation.

IPMAX srl
Via Ponchielli, 4
20063 Cernusco sul Naviglio (MI) – Italy
+39 02 9290 9171