Enabling denial of service protection
You can enable basic denial of service (DoS) prevention to combat SYN floods. When enabled, FortiADC uses the SYN cookie method to track half-open connections. The system maintains a DoS mitigation table for each configured IPv4 virtual server. It times out half-open connections so that they do not deplete system resources.
Note: The DoS feature is supported for traffic to virtual servers only. However, it is not supported for IPv6 traffic or for Layer 4 virtual servers with the Direct Routing packet forwarding mode.
Before you begin:
- You must have Read-Write permission for Firewall settings.
To enable denial of service protection:
- Go to Security > SYN Flood Prevention.
- Enable the SYN Cookie feature.
- Specify a maximum number of half open sockets. The default is 1 (10 connections). The valid range is 1 to 80,000.
- Save the configuration.