288 01-28007-0068-20041203 Fortinet Inc.
Anomaly CLI configuration IPS
Configuring IPS logging and alert email
Whenever the IPS detects or prevents an attack, it generates an attack message. You
can configure the FortiGate unit to add the message to the attack log and to send an
alert email to administrators. You can configure how often the FortiGate unit sends
alert email. You can also reduce the number of log messages and alerts by disabling
signatures for attacks that your system is not vulnerable to (for example, web attacks
when you are not running a web server). For more information on FortiGate logging
and alert email, see “Log & Report” on page 339.
Default fail open setting
If for any reason the IPS should cease to function, it will fail open by default. This
means that crucial network traffic will not be blocked and the Firewall will continue to
operate while the problem is resolved.
You can change the default fail open setting using the CLI:
config sys global
set ips-open [enable | disable]
end
Enable ips_open to cause the IPS to fail open and disable ips_open to cause the
IPS to fail closed.