ips : global
 
global
Use this command to set IPS operating parameters.
Syntax
config ips global
set algorithm {engine-pick | low | high | super}
set anomaly-mode {continuous | periodical}
set cp-accel-mode {none | basic | advanced}
set database {regular | extended}
set deep-app-insp-db-limit <entries_int>
set deep-app-insp-timeout <seconds>
set engine-count <integer>
set fail-open {enable | disable}
set intelligent-mode {enable | disable}
set ips-reserve-cpu {enable | disable}
set np-accel-mode {none | basic}
set session-limit-mode {accurate | heuristic}
set skype-client-public-ipaddr <IP_addr_list>
set socket-size <ips_buffer_size>
set traffic-submit {enable | disable}
end
algorithm {engine-pick | low | high | super}
    The IPS engine has two methods to determine whether traffic matches signatures:
    low is a slower method that uses less memory;
    high is a faster method that uses more memory;
    super is a method that works well on models with more than 4 GB of memory;
    engine-pick lets the IPS engine choose the best method on the fly.
    Default: engine-pick

anomaly-mode {continuous | periodical}
    Enter continuous to start blocking packets once an attack starts. Enter periodical to allow the configured number of packets per second.
    Default: continuous

cp-accel-mode {none | basic | advanced}
    Set the Content Processor (CP) acceleration mode:
    none disables Content Processor acceleration;
    basic enables basic Content Processor acceleration;
    advanced enables advanced Content Processor acceleration.
    Default: basic

database {regular | extended}
    Select the regular or extended IPS signature database.
    Default: regular

deep-app-insp-db-limit <entries_int>
    Set the maximum number of application database entries. Range 1 to 2 147 483 647; 0 sets the recommended value.
    Default: 100 000

deep-app-insp-timeout <seconds>
    Set the number of seconds after which inactive application database entries are deleted. Range 1 to 2 147 483 647; 0 sets the recommended value.
    Default: 86 400

engine-count <integer>
    Enter the number of intrusion protection engines to run. Multi-processor FortiGate units process traffic more efficiently with multiple engines running. When set to the default value of 0, the FortiGate unit determines the optimal number of intrusion protection engines.
    Default: 0

fail-open {enable | disable}
    Optionally enable fail-open for IPS so that, if the IPS engine ceases to function, crucial network traffic is not blocked (it is forwarded without IPS inspection) and the firewall continues to operate while the problem is resolved.
    Default: disable

intelligent-mode {enable | disable}
    Enable or disable IPS adaptive scanning, which varies scanning by traffic type.
    Default: enable

ips-reserve-cpu {enable | disable}
    Enable or disable the IPS daemon's use of CPUs other than CPU 0.
    Default: disable

np-accel-mode {none | basic}
    Set the Network Processor (NP) acceleration mode:
    none disables Network Processor acceleration;
    basic enables basic Network Processor acceleration.
    Default: basic

session-limit-mode {accurate | heuristic}
    Enter accurate to count concurrent sessions exactly; this option demands more resources. Enter heuristic to estimate the number of concurrent sessions.
    Default: heuristic

skype-client-public-ipaddr <IP_addr_list>
    Enter the public IP addresses of your network that are used for Skype sessions. This helps the FortiGate unit identify Skype sessions correctly in the Sessions dashboard widget. Separate IP addresses with commas, not spaces.
    Default: No default.

socket-size <ips_buffer_size>
    Set the intrusion protection buffer size. The default value is correct in most cases.
    Default: model-dependent

traffic-submit {enable | disable}
    Submit attack characteristics to the FortiGuard Service.
    Default: disable
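The following script is an added example for auditing this block in a configuration backup; it is not Fortinet code and not part of this reference. It parses the `config ips global ... end` section of a text backup, overlays the documented defaults from the table above (model-dependent `socket-size` is left out), and flags the settings a reviewer would want to see: `fail-open enable` (traffic forwarded without inspection when the engine stops), `deep-app-insp-*` values outside the documented range, a space-separated `skype-client-public-ipaddr` list, and unknown keys. The sample configuration, the function names and the finding wording are constructed for this example.

```python
"""Audit the `config ips global` block of a FortiGate configuration backup.

Added example (not Fortinet code): parses the block, overlays the documented
defaults and flags settings that weaken or misconfigure IPS. The sample
configuration below is constructed for this example, not taken from a device.
"""
import re
from typing import Dict, List

# Defaults as documented for `config ips global` (model-dependent values omitted).
DEFAULTS: Dict[str, str] = {
    "algorithm": "engine-pick",
    "anomaly-mode": "continuous",
    "cp-accel-mode": "basic",
    "database": "regular",
    "deep-app-insp-db-limit": "100000",
    "deep-app-insp-timeout": "86400",
    "engine-count": "0",
    "fail-open": "disable",
    "intelligent-mode": "enable",
    "ips-reserve-cpu": "disable",
    "np-accel-mode": "basic",
    "session-limit-mode": "heuristic",
    "traffic-submit": "disable",
}

INT_MAX = 2_147_483_647  # upper bound of the two documented deep-app-insp ranges

# Constructed sample fragment of a configuration backup (not a real device).
SAMPLE_CONFIG = """\
config system global
    set hostname "fgt-lab"
end
config ips global
    set algorithm high
    set fail-open enable
    set deep-app-insp-db-limit 0
    set skype-client-public-ipaddr "203.0.113.10 203.0.113.11"
    set socket-size 256
end
config ips sensor
    edit "default"
    next
end
"""

SET_RE = re.compile(r"^set\s+(\S+)\s+(.+)$")


def extract_block(config_text: str, path: str) -> Dict[str, str]:
    """Return the `set` key/value pairs inside `config <path> ... end`."""
    settings: Dict[str, str] = {}
    inside = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not inside:
            inside = line == f"config {path}"  # enter the block on its header line
            continue
        if line == "end":  # ips global has no nested tables, so the first end closes it
            break
        m = SET_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings


def effective_settings(explicit: Dict[str, str]) -> Dict[str, str]:
    """Overlay the explicit settings on the documented defaults."""
    return {**DEFAULTS, **explicit}


def audit_ips_global(explicit: Dict[str, str]) -> List[str]:
    """Return human-readable findings for the block (empty list means nothing flagged)."""
    eff = effective_settings(explicit)
    findings: List[str] = []
    if eff["fail-open"] == "enable":
        findings.append("fail-open enabled: traffic is forwarded without IPS inspection if the engine stops")
    for key in ("deep-app-insp-db-limit", "deep-app-insp-timeout"):
        value = eff[key]
        # Documented range is 1..2147483647, with 0 meaning "recommended value".
        if not value.isdigit() or int(value) > INT_MAX:
            findings.append(f"{key}={value!r} is outside the documented range 0..{INT_MAX}")
    skype = explicit.get("skype-client-public-ipaddr", "")
    if " " in skype.strip():
        findings.append("skype-client-public-ipaddr must be comma-separated, not space-separated")
    known = set(DEFAULTS) | {"skype-client-public-ipaddr", "socket-size"}
    for key in sorted(set(explicit) - known):
        findings.append(f"unknown ips global setting: {key}")
    return findings


if __name__ == "__main__":
    block = extract_block(SAMPLE_CONFIG, "ips global")
    for finding in audit_ips_global(block):
        print("-", finding)
```

Run against the constructed sample it reports two findings: the enabled fail-open and the space-separated Skype address list. Feeding it an exported backup from a real unit requires only replacing `SAMPLE_CONFIG` with the file contents.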