config ips global
Configure IPS global parameter.
config ips global Description: Configure IPS global parameter. set fail-open [enable|disable] set database [regular|extended] set traffic-submit [enable|disable] set anomaly-mode [periodical|continuous] set session-limit-mode [accurate|heuristic] set intelligent-mode [enable|disable] set socket-size {integer} set engine-count {integer} set sync-session-ttl [enable|disable] set skype-client-public-ipaddr {var-string} set deep-app-insp-timeout {integer} set deep-app-insp-db-limit {integer} set exclude-signatures [none|industrial] end
config ips global
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
fail-open |
Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. |
option |
- |
|||||||
|
|
|||||||||
database |
Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. |
option |
- |
|||||||
|
|
|||||||||
traffic-submit |
Enable/disable submitting attack data found by this FortiProxy to FortiGuard. |
option |
- |
|||||||
|
|
|||||||||
anomaly-mode |
Global blocking mode for rate-based anomalies. |
option |
- |
|||||||
|
|
|||||||||
session-limit-mode |
Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). |
option |
- |
|||||||
|
|
|||||||||
intelligent-mode |
Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. |
option |
- |
|||||||
|
|
|||||||||
socket-size |
IPS socket buffer size. Default depends on available memory. Can be changed to tune performance. |
integer |
Minimum value: 1 Maximum value: 512 |
|||||||
engine-count |
Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores. |
integer |
Minimum value: 0 Maximum value: 255 |
|||||||
sync-session-ttl |
Enable/disable use of kernel session TTL for IPS sessions. |
option |
- |
|||||||
|
|
|||||||||
skype-client-public-ipaddr |
Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas. |
var-string |
Maximum length: 255 |
|||||||
deep-app-insp-timeout |
Timeout for Deep application inspection. |
integer |
Minimum value: 0 Maximum value: 2147483647 |
|||||||
deep-app-insp-db-limit |
Limit on number of entries in deep application inspection database |
integer |
Minimum value: 0 Maximum value: 2147483647 |
|||||||
exclude-signatures |
Excluded signatures. |
option |
- |
|||||||
|
|