Auto-learning

Protection settings can be configured manually or with assistance from auto-learning.

Auto-learning can teach you a great deal about the threats your web assets face. It also helps you to understand your web applications’ structures and how end-users use them. Most importantly, though, auto-learning can help you to quickly tailor FortiWeb’s configuration to suit your web applications.

For data centers, colocation centers, and complex web applications, auto-learning-assisted configuration can save significant amounts of time compared to purely manual configuration. However, auto-learning is also resource-intensive and can decrease performance while gathering data. For strategies on minimizing the impact to your network, see Running auto-learning and Regular expression performance tips.

Auto-learning discovers the URLs and other characteristics of HTTP and/or HTTPS sessions by observing traffic that is passing to your web servers. To learn about whether the request is legitimate or a potential attack attempt, it performs the following tasks:

• Compares the request to attack signatures
• Observes inputs such as cookies and URL parameters
• Tracks your web servers’ response to each request, such as 401 Unauthorized or 500 Internal Server Error
• Captures the rate of requests for files (hits) by IP address and content type

By learning from your traffic, the FortiWeb appliance can suggest appropriate configurations, and help you to quickly generate profiles designed specifically for your unique traffic.

See also

IPv6 support

Open topic with navigation