Configuring DoS Protection Profile

A DoS Protection profile references the DoS policies that are to be enforced.

Before you begin:

  • You must have Read-Write permission for Security settings.

After you have configured a DoS Protection profile, you can select it in Server Load Balance > Virtual Server > Security > DoS Protection Profile.

To configure a DoS Protection Profile:

  1. Go to DoS Protection > DoS Protection Profile.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration.

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    After you initially save the configuration, you cannot edit the name.

    HTTP Access Limit

    HTTP Access Limit policy. Limits the number of requests per second from an IP address.

    HTTP Connection Flood

    HTTP Connection Flood policy. Limits the number of connections from a client, which is identified by a cookie.

    HTTP Request Flood

    HTTP Request Flood policy. Limits the number of requests per second from a client, which is identified by a cookie.

    TCP Slow Data Flood Protection

    After the TCP connection is established (the three-way handshake is completed), FortiADC stops sending data if the client returns a zero window in response to data that FortiADC sends. A zero window appears when, for example, the client does not take data out of the TCP receive queue of the client OS and the data sent by FortiADC fills up the queue. In this case, FortiADC can actively abort the TCP connection and release the related resources so that they are not occupied for a long time.

  4. Save the configuration.
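
The zero-window condition described under TCP Slow Data Flood Protection can be modelled as a per-connection stall timer. The following is an added example, not FortiADC code: the `Ack` record, the `find_stalled` function, the 10-second threshold, and the sample addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed threshold: how long a client may hold its window at zero before the
# connection is aborted. Hypothetical value, not a FortiADC default.
ZERO_WINDOW_TIMEOUT = 10.0


@dataclass(frozen=True)
class Ack:
    ts: float    # seconds since the start of the observation
    conn: str    # "client_ip:port" connection key
    window: int  # receive window advertised by the client, in bytes


def find_stalled(acks, now, timeout=ZERO_WINDOW_TIMEOUT):
    """Return connections whose client has advertised a zero window
    continuously for at least `timeout` seconds as of `now`."""
    zero_since = {}  # conn -> timestamp of the first zero-window ACK of the current stall
    for ack in sorted(acks, key=lambda a: a.ts):
        if ack.window == 0:
            # Keep the start of the stall; later zero-window ACKs do not reset it.
            zero_since.setdefault(ack.conn, ack.ts)
        else:
            # Window reopened: the client is draining its receive queue again.
            zero_since.pop(ack.conn, None)
    return sorted(c for c, t in zero_since.items() if now - t >= timeout)


# Constructed sample ACKs (documentation address ranges, not real traffic).
SAMPLE = [
    Ack(0.0, "198.51.100.7:40112", 29200),
    Ack(0.4, "198.51.100.7:40112", 0),      # receive queue full
    Ack(5.4, "198.51.100.7:40112", 0),      # still zero
    Ack(12.4, "198.51.100.7:40112", 0),     # still zero
    Ack(0.0, "203.0.113.20:51844", 65535),
    Ack(1.0, "203.0.113.20:51844", 0),      # briefly busy client
    Ack(1.8, "203.0.113.20:51844", 32768),  # window reopens, stall cleared
    Ack(9.0, "192.0.2.55:33010", 0),        # stalled for only 4 s at now=13
]

if __name__ == "__main__":
    for conn in find_stalled(SAMPLE, now=13.0):
        print("abort connection and release buffers:", conn)
```

A client that reopens its window clears the timer, so a slow but live reader is not aborted; only a window held at zero past the threshold is.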
