- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- IPS logging aggregation
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Not applicable
Created on 08-09-2007 12:00 AM
Article Id
193904
Article
| Description | How a FortiGate unit handles IPS logging aggregation. |
| Components |
|
| Steps or Commands | IPS aggregates attack logs to prevent the attacker from overloading the FortiGate unit by generating attack flood. When the IPS engine detects an attack, IPS engine first checks if the same attack has been detected in the last 5 seconds. If not, the attack is logged right away. If an attack is detected continuously, it is logged only once every 60 seconds. The log reports the IP/port information of the last detection and how many times it is aggregated.If a signature is triggered too often, it may indicate the network is under a heavy attack. It may also be caused by false alert of the signature. If you suspect the logs are false positives, contact Fortinet so IPS service team can improve the signature. Sometimes a signature is only to indicate some suspicious behavior. Normally these signatures are set to low severity. These behaviors may be very popular at one customer's network at one time, but rarely happen in another network. If required, you can choose to turn the signature off. |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.