Fortinet white logo
Fortinet white logo

CLI Reference

config ips settings

config ips settings

Configure IPS VDOM parameter.

config ips settings
    Description: Configure IPS VDOM parameter.
    set ha-session-pickup [connectivity|security]
    set ips-packet-quota {integer}
    set packet-log-history {integer}
    set packet-log-memory {integer}
    set packet-log-post-attack {integer}
    set proxy-inline-ips [disable|enable]
end

config ips settings

Parameter

Description

Type

Size

Default

ha-session-pickup

IPS HA failover session pickup preference.

option

-

connectivity

Option

Description

connectivity

Prefer session continuity.

security

Prefer session complete security.

ips-packet-quota

Maximum amount of disk space in MB for logged packets when logging to disk. Range depends on disk size.

integer

Minimum value: 0 Maximum value: 4294967295

0

packet-log-history

Number of packets to capture before and including the one in which the IPS signature is detected.

integer

Minimum value: 1 Maximum value: 255

1

packet-log-memory

Maximum memory can be used by packet log.

integer

Minimum value: 64 Maximum value: 8192

256

packet-log-post-attack

Number of packets to log after the IPS signature is detected.

integer

Minimum value: 0 Maximum value: 255

0

proxy-inline-ips

Enable/disable proxy-mode policy inline IPS support.

option

-

enable

Option

Description

disable

Do not allow inline IPS in proxy-mode policy.

enable

Allow inline IPS in proxy-mode policy.

config ips settings

config ips settings

Configure IPS VDOM parameter.

config ips settings
    Description: Configure IPS VDOM parameter.
    set ha-session-pickup [connectivity|security]
    set ips-packet-quota {integer}
    set packet-log-history {integer}
    set packet-log-memory {integer}
    set packet-log-post-attack {integer}
    set proxy-inline-ips [disable|enable]
end

config ips settings

Parameter

Description

Type

Size

Default

ha-session-pickup

IPS HA failover session pickup preference.

option

-

connectivity

Option

Description

connectivity

Prefer session continuity.

security

Prefer session complete security.

ips-packet-quota

Maximum amount of disk space in MB for logged packets when logging to disk. Range depends on disk size.

integer

Minimum value: 0 Maximum value: 4294967295

0

packet-log-history

Number of packets to capture before and including the one in which the IPS signature is detected.

integer

Minimum value: 1 Maximum value: 255

1

packet-log-memory

Maximum memory can be used by packet log.

integer

Minimum value: 64 Maximum value: 8192

256

packet-log-post-attack

Number of packets to log after the IPS signature is detected.

integer

Minimum value: 0 Maximum value: 255

0

proxy-inline-ips

Enable/disable proxy-mode policy inline IPS support.

option

-

enable

Option

Description

disable

Do not allow inline IPS in proxy-mode policy.

enable

Allow inline IPS in proxy-mode policy.