In this example, you will protect a web server using an Intrusion Prevention System (IPS) profile and a Denial of Service (DoS) policy. This will prevent a variety of attacks from reaching the server.
1. Enabling Intrusion Protection
Go to System > Config > Features and ensure that Intrusion Protection is turned ON. Apply your changes if necessary.
2. Configuring the default IPS profile to block common attacks
Go to Security Profiles > Intrusion Protection and edit the default profile. In the Pattern Based Signatures and Filters list, highlight the default entry and select Edit.
Select Severity to view all signatures in the database.
Scroll down and set the Action to Block All.
Enable all the listed Rate Based Signatures.
3. Adding the IPS sensor to the server access security policy
Go to Policy & Objects > Policy > IPv4 and edit the security policy allowing traffic to the web server from the Internet. Enable IPS under Security Profiles and set it to use the default profile. Enabling IPS will automatically enable SSL Inspection. In order to inspect encrypted traffic, the deep-inspection profile must be used.
4. Creating a DoS policy
Go to Policy & Objects > Policy > DoS and create a new policy. Set Incoming Interface to your Internet-facing interface. In the Anomalies list, enable Status and Logging and set the Action to Block for all types.
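
One way to confirm the result of step 4 from a configuration backup instead of the GUI, as an added example that is not part of the original recipe. It assumes the CLI keys `status`, `log` and `action` under `config firewall DoS-policy` / `config anomaly`, and that a key missing from a backup is at its default (`disable`, `disable`, `pass`); the sample excerpt is constructed.

```python
# Constructed sample in the style of a FortiOS config backup (not from the page).
SAMPLE = '''\
config firewall DoS-policy
    edit 1
        set interface "wan1"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block
            next
            edit "udp_flood"
                set status enable
                set log enable
            next
        end
    next
end
'''

# Step 4 target state, and the values assumed when a backup omits a key.
WANTED = {"status": "enable", "log": "enable", "action": "block"}
DEFAULTS = {"status": "disable", "log": "disable", "action": "pass"}

def audit_dos_policy(config_text):
    """Map (policy id, anomaly) -> settings that differ from the step 4 target."""
    findings, in_dos, in_anomaly = {}, False, False
    policy, anomaly, settings = None, None, {}
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line == "config firewall DoS-policy":
            in_dos = True
        elif not in_dos:
            continue  # ignore every other section of the backup
        elif line == "config anomaly":
            in_anomaly = True
        elif line.startswith("edit ") and in_anomaly:
            anomaly, settings = line[5:].strip('"'), dict(DEFAULTS)
        elif line.startswith("edit "):
            policy = line[5:].strip('"')
        elif line.startswith("set ") and anomaly:
            key, _, value = line[4:].partition(" ")
            settings[key] = value
        elif line == "next" and anomaly:
            bad = {k: settings[k] for k in WANTED if settings[k] != WANTED[k]}
            if bad:
                findings[(policy, anomaly)] = bad
            anomaly = None
        elif line == "end":  # closes the anomaly table first, then the section
            in_dos, in_anomaly = in_dos and in_anomaly, False
    return findings
```

On the sample, `udp_flood` is reported because its action was never set to block, so it is still detected but not dropped.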
5. Results
Warning: DoS attacks are illegal, unless you own the server under attack. Before performing an attack, ensure that you have the correct server IP. Launch a DoS attack on your web server’s IP address.
Go to System > FortiView > Threats and select the 5 Minutes view. You will see that a DoS attack has been detected and blocked.
For further reading, check out Intrusion Protection in the FortiOS 5.2 Handbook.
The post Protecting a web server appeared first on Fortinet Cookbook.