Administration Guide

Using an IPS Attack Replay case

FortiTester can test security systems by replaying FortiGuard intrusion pcaps or a customized set of attack traffic. The FortiGuard intrusion package provides more than 1600 attack samples. The test result shows the CVE-ID, Application, Protocol, OS, Type, and so on for every attack. You can also view the attack list under Security Testing > Maintenance > Intrusion Definitions.

You must purchase the Premium or Standard intrusion service to use the Fortinet IPS intrusion pcaps.

Before you begin:

  • Optional. To test custom attack traffic, create a package of pcap files that FortiTester can replay. Name each file Description[_CVE-$CVEID].pcap, where the brackets mark an optional part: the CVE suffix can be omitted when a sample does not map to a CVE. The upload can be a single .pcap file or a .tgz, .tar.gz, or .zip archive that contains a group of .pcap files. Maximum file size is 200MB. After uploading, put the package into the default group or a customized group, then select that group when you configure the replay case.
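The naming convention and packaging rules above can be checked before upload rather than after a failed replay. The following script is an added example written for this page, not FortiTester code or a Fortinet tool: it checks each file name against Description[_CVE-$CVEID].pcap, confirms that each file starts with a libpcap magic number (the page does not say whether pcapng is accepted, so the check is limited to classic pcap), packs the accepted files into a .tgz, and rejects the result if it exceeds the 200MB limit (read here as 200 x 1024 x 1024 bytes, which is an assumption). The sample files, including the placeholder frame bytes in the constructed pcaps and the deliberately corrupt "Corrupt_Capture.pcap", are made up for the example.

```python
"""Pre-upload check for a FortiTester custom attack package (added example)."""
import io
import re
import struct
import tarfile

# Naming convention from the guide: Description[_CVE-$CVEID].pcap, CVE part optional.
NAME_RE = re.compile(r"^(?P<desc>.+?)(?:_CVE-(?P<cve>\d{4}-\d{4,7}))?\.pcap$")

# Classic libpcap magic numbers (micro- and nanosecond, both byte orders).
# Assumption: the replay engine expects classic pcap; the page does not mention pcapng.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",
               b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d"}

# The guide says 200MB; whether that means 10^6 or 2^20 bytes per MB is an assumption.
MAX_PACKAGE_BYTES = 200 * 1024 * 1024


def parse_name(filename: str):
    """Return (description, 'CVE-YYYY-NNNN' or None); raise ValueError on a bad name."""
    m = NAME_RE.match(filename)
    if not m:
        raise ValueError(f"{filename!r} does not follow Description[_CVE-$CVEID].pcap")
    cve = f"CVE-{m.group('cve')}" if m.group("cve") else None
    return m.group("desc"), cve


def is_pcap(data: bytes) -> bool:
    """True if the bytes start with a libpcap global header."""
    return len(data) >= 24 and data[:4] in PCAP_MAGICS


def make_pcap(frame: bytes) -> bytes:
    """Build a minimal little-endian libpcap file holding one Ethernet frame (constructed sample data)."""
    # magic, major, minor, thiszone, sigfigs, snaplen, linktype (1 = Ethernet)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    # ts_sec, ts_usec, incl_len, orig_len
    record = struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return header + record


def validate_entry(name: str, data: bytes):
    """Check one candidate file; returns (accepted, detail)."""
    try:
        _desc, cve = parse_name(name)
    except ValueError as exc:
        return False, str(exc)
    if not is_pcap(data):
        # Mirrors the replay status the guide lists for a non-pcap package.
        return False, "not a pcap format"
    return True, cve or "no CVE"


def build_package(files: dict, max_bytes: int = MAX_PACKAGE_BYTES):
    """Validate every file and pack the accepted ones into an in-memory .tgz.

    Returns (tgz_bytes, report) with report[name] == (accepted, detail).
    Raises ValueError if the archive would exceed the upload limit.
    """
    report = {}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            accepted, detail = validate_entry(name, data)
            report[name] = (accepted, detail)
            if accepted:
                info = tarfile.TarInfo(name)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    tgz = buf.getvalue()
    if len(tgz) > max_bytes:
        raise ValueError(f"package is {len(tgz)} bytes, above the {max_bytes}-byte limit")
    return tgz, report


def package_members(tgz: bytes):
    """List the file names inside a package produced by build_package."""
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tar:
        return tar.getnames()


# Constructed sample input: the frame bytes are placeholders, not real attack traffic.
SAMPLE_FILES = {
    "Apache_Struts_CVE-2017-5638.pcap": make_pcap(b"\x00" * 14 + b"GET / HTTP/1.1\r\n"),
    "HTTP_Probe.pcap": make_pcap(b"\x00" * 14 + b"HEAD / HTTP/1.1\r\n"),
    "Corrupt_Capture.pcap": b"this is not a capture file",
    "notes.txt": b"README for the package",
}

if __name__ == "__main__":
    tgz, report = build_package(SAMPLE_FILES)
    for name, (accepted, detail) in report.items():
        print(f"{'OK  ' if accepted else 'SKIP'} {name}: {detail}")
    with open("custom_attacks.tgz", "wb") as fh:
        fh.write(tgz)
```

Run it in the directory where you keep the captures and upload the resulting custom_attacks.tgz; files that fail the name or magic check are reported and left out, so the package only carries entries the replay case can attribute to a description and, where given, a CVE.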

Topology

To configure a FortiGuard intrusion group:
  1. Go to Cases > Security Testing > Objects > FGD Intrusion Group.
  2. Click + Create New, then enter the group name.

  3. Click + Add.
  4. Click Create New to select the intrusions to include. Click Select All to select every intrusion.

    You can also filter the list by Application, Protocol, Type, and so on.

  5. Click Save.

How to configure the Attack Replay case

  1. Go to Security Testing > IPS > Attack.
  2. Click Create New, then select the network object created earlier.

  3. Select the intrusion group created earlier.

    The case stops when its configured duration expires, so to replay every pcap in the group set the case duration to a large value, for example 10 hours.

  4. Click Start.

Status meanings

  • The client did not receive any packets sent by the server and the server did not receive any packets sent by the client.
  • The package is identified as not a pcap format.
  • The client lost some packets sent by the server or the server lost some packets sent by the client.
  • The client received all packets sent by the server and the server received all packets sent by the client.
