ips : global
Use this command to set IPS operating parameters.
config ips global
set algorithm {engine-pick | low | high | super}
set anomaly-mode {continuous | periodical}
set cp-accel-mode {none | basic | advanced}
set database {regular | extended}
set deep-app-insp-db-limit <entries_int>
set deep-app-insp-timeout <seconds>
set engine-count <integer>
set fail-open {enable | disable}
set intelligent-mode {enable | disable}
set ips-reserve-cpu {enable | disable}
set np-accel-mode {none | basic}
set session-limit-mode {accurate | heuristic}
set skype-client-public-ipaddr <IP_addr_list>
set socket-size <ips_buffer_size>
set traffic-submit {enable | disable}
algorithm {engine-pick | low | high | super}
The IPS engine has two methods to determine whether traffic matches signatures.
low is a slower method that uses less memory
high is a faster method that uses more memory
super is a method that works well on models with more than 4GB memory
engine-pick allows the IPS engine to choose the best method on the fly.
anomaly-mode {continuous | periodical}
Enter continuous to start blocking packets once an attack starts. Enter periodical to allow the configured number of packets per second.
cp-accel-mode {none | basic | advanced}
Set Content Processor (CP) acceleration mode:
none disables Content Processor acceleration
basic Basic Content Processor acceleration
advanced Advanced Content Processor acceleration
database {regular | extended}
Select regular or extended IPS database.
deep-app-insp-db-limit <entries_int>
Set the maximum number of application database entries. Range 1 to 2 147 483 647. 0 sets the recommended value.
Default: 100 000
deep-app-insp-timeout <seconds>
Set the number of seconds after which inactive application database entries are deleted. Range 1 to 2 147 483 647. 0 sets the recommended value.
Default: 86 400
engine-count <integer>
Enter the number of intrusion protection engines to run. Multi-processor FortiGate units can more efficiently process traffic with multiple engines running. When set to the default value of 0, the FortiGate unit determines the optimal number of intrusion protection engines.
fail-open {enable | disable}
Optionally enable fail-open for IPS so that, if IPS ceases to function, crucial network traffic is not blocked and the firewall continues to operate while the problem is resolved.
intelligent-mode {enable | disable}
Enable or disable IPS adaptive scanning which varies scanning by traffic type.
ips-reserve-cpu {enable | disable}
Enable or disable IPS daemon’s use of CPUs other than CPU 0.
np-accel-mode {none | basic}
Set Network Processor (NP) acceleration mode:
none disables Network Processor acceleration
basic Basic Network Processor acceleration
session-limit-mode {accurate | heuristic}
Enter accurate to accurately count the concurrent sessions. This option demands more resources. Enter heuristic to heuristically count the concurrent sessions.
skype-client-public-ipaddr <IP_addr_list>
Enter the public IP addresses of your network that are used for Skype sessions. This will help the FortiGate unit identify Skype sessions properly in the Sessions dashboard widget. Separate IP addresses with commas, not spaces.
No default.
socket-size <ips_buffer_size>
Set intrusion protection buffer size. The default value is correct in most cases.
traffic-submit {enable | disable}
Submit attack characteristics to the FortiGuard Service.
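A small linter for a saved configuration, as an added example that is not Fortinet code: it checks each set line in the config ips global block against the values and ranges listed above and flags fail-open enable for review. The function name, the sample configuration and the handling of quoted values are assumptions.

```python
import ipaddress
import re

# Allowed values copied from the syntax listing on this page.
ENUMS = {
    "algorithm": {"engine-pick", "low", "high", "super"},
    "anomaly-mode": {"continuous", "periodical"},
    "cp-accel-mode": {"none", "basic", "advanced"},
    "database": {"regular", "extended"},
    "np-accel-mode": {"none", "basic"},
    "session-limit-mode": {"accurate", "heuristic"},
}
for _toggle in ("fail-open", "intelligent-mode", "ips-reserve-cpu", "traffic-submit"):
    ENUMS[_toggle] = {"enable", "disable"}
RANGED = {"deep-app-insp-db-limit", "deep-app-insp-timeout"}  # 1..MAX_INT, 0 = recommended
MAX_INT = 2147483647
KNOWN = set(ENUMS) | RANGED | {"engine-count", "socket-size", "skype-client-public-ipaddr"}

# Constructed sample, not from a real device.
SAMPLE = """config ips global
    set algorithm turbo
    set fail-open enable
    set deep-app-insp-timeout 9999999999
    set skype-client-public-ipaddr 203.0.113.10, 203.0.113.11
end
"""

def audit_ips_global(config_text):
    """Return (option, message) findings for the `config ips global` block."""
    block = re.search(r"^config ips global$(.*?)^end$", config_text, re.M | re.S)
    findings = []
    for name, value in re.findall(r"^\s*set (\S+) (.+)$", block.group(1) if block else "", re.M):
        value = value.strip().strip('"')  # assumption: a backup file may quote values
        allowed = ENUMS.get(name)
        if allowed and value not in allowed:
            findings.append((name, f"invalid value {value!r}"))
        elif name == "fail-open" and value == "enable":
            findings.append((name, "review: traffic is not blocked if IPS ceases to function"))
        elif name in RANGED and not (value.isdigit() and int(value) <= MAX_INT):
            findings.append((name, f"outside 0 to {MAX_INT}"))
        elif name == "skype-client-public-ipaddr":
            try:
                for addr in value.split(","):
                    ipaddress.ip_address(addr)
            except ValueError:
                findings.append((name, "separate valid IP addresses with commas, not spaces"))
        elif allowed is None and name not in KNOWN:
            findings.append((name, "option not in the syntax listing"))
    return findings
```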