FortiGate: System IPS i ochrona przed atakami Denial of Service

Introduction

In this tutorial, you will learn how to configure Intrusion Prevention System (IPS) and implement measures to detect and prevent Denial of Service (DoS) attacks using FortiGate. Understanding these configurations is crucial for enhancing your network's security against potential threats.

Step 1: Access the FortiGate Management Interface

• Open your web browser.
• Enter the FortiGate device's IP address in the address bar.
• Log in with your credentials (username and password).

Step 2: Configure the Intrusion Prevention System

• Navigate to the Security Profiles section.
• Select Intrusion Prevention.
• Click on Create New to set up a new IPS profile.
  • Name the profile appropriately (e.g., "IPS_Profile").
  • Choose the relevant signatures for your environment:
    • Select from the available predefined signatures.
    • Enable the signatures that are necessary for your network.
• Save your changes.

Step 3: Apply the IPS Profile to Your Firewall Policy

• Go to the Policy & Objects section.
• Select IPv4 Policy or IPv6 Policy depending on your network configuration.
• Edit an existing policy or create a new one.
  • Ensure the policy applies to the correct source and destination interfaces.
  • In the Security Profiles section, find the Intrusion Prevention dropdown.
  • Select the IPS profile you created in Step 2.
• Save the policy.

Step 4: Set Up DoS Protection

• Navigate to the Network section.
• Select DoS Policy.
• Click on Create New to define a new DoS policy.
  • Name the policy (e.g., "DoS_Protection").
  • Set the Type to either SYN Flood or other types based on your needs.
  • Configure the thresholds for detection:
    • Specify the maximum number of connections allowed.
    • Set the action to take when the threshold is exceeded (e.g., block, deny).
• Save the policy.

Step 5: Test Your Configuration

• Conduct a simulated attack to see if the IPS and DoS protection are functioning correctly.
  • Use tools like LOIC or Hping to generate traffic.
• Monitor the logs in the FortiGate interface to verify if the IPS detected and blocked the attack.

Step 6: Monitor and Adjust Settings

• Regularly check the Logs & Reports section for alerts related to IPS and DoS.
• Fine-tune the settings based on the logs to improve detection and prevention capabilities.
• Consider adjusting thresholds and signature settings to adapt to your network traffic patterns.

Conclusion

By following these steps, you have successfully configured the IPS and DoS protection on your FortiGate device, enhancing your network security. Regular monitoring and adjustments are essential to maintain effective protection against evolving threats. For further assistance, consider reaching out to technical support or engaging in training programs to deepen your understanding of FortiGate security solutions.