Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.3
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Feature Guide - HTML

    Home FortiADC 8.0.3 Feature Guide - HTML
    8.0.3
    8.0.3

    DDoS Protection

    DDoS Protection

    FortiADC provides multi-layered protection against denial-of-service (DoS) attacks by detecting and mitigating abnormal traffic patterns across both application and network layers. These protections help ensure application availability and service continuity under high-load or attack conditions.

    Network-Level Protection

    Network-layer protections defend against lower-level attacks that aim to exhaust system or network resources.

    • TCP SYN Flood Protection

      Detects and mitigates SYN flood attacks that attempt to exhaust connection tables.

    • TCP Connection Flood Protection

      Limits excessive connection attempts that may degrade service availability.

    • TCP Slow Data (Slowloris) Protection

      Identifies slow, incomplete connections designed to hold server resources open.

    • IP Fragmentation Protection

      Protects against malformed or fragmented packets used to evade detection or overwhelm systems.

    These mechanisms ensure stable network operation and prevent resource exhaustion at the transport layer.

    • Application-Level Protection

      Application-layer DoS protection focuses on HTTP/HTTPS and DNS traffic to prevent abuse targeting application resources.

      • HTTP Access Control

        Limits the number of requests or connections from clients to prevent excessive usage and resource exhaustion.

      • HTTP Connection Flood Protection

        Detects and mitigates large volumes of simultaneous connection attempts that can overwhelm application servers.

      • HTTP Request Flood Protection

        Identifies high-rate request bursts targeting application endpoints and applies rate limiting or blocking.

      • DNS Flood Protection

        Protects against:

        • DNS Query Floods – excessive DNS requests targeting the service

        • DNS Reverse Floods – abuse of reverse lookup mechanisms

      These controls ensure that application services remain responsive even under heavy or malicious traffic conditions.

    • Flexible Policy Control

      FortiADC enables granular and customizable DoS protection through policy-based configuration:

      • DoS Protection Profiles

        Define thresholds, detection methods, and actions (e.g., block, rate-limit, or monitor).

      • Exception Policies

        Allow trusted source IP addresses to bypass DoS protections, enabling fine-tuned control and reducing false positives.

      • Traffic Pattern Tuning

        Policies can be adjusted based on normal traffic behavior to balance security and performance.

    For more information, see DoS Protection in FortiADC Administration Guide.

    Previous
    Next

    DDoS Protection

    DDoS Protection

    FortiADC provides multi-layered protection against denial-of-service (DoS) attacks by detecting and mitigating abnormal traffic patterns across both application and network layers. These protections help ensure application availability and service continuity under high-load or attack conditions.

    Network-Level Protection

    Network-layer protections defend against lower-level attacks that aim to exhaust system or network resources.

    • TCP SYN Flood Protection

      Detects and mitigates SYN flood attacks that attempt to exhaust connection tables.

    • TCP Connection Flood Protection

      Limits excessive connection attempts that may degrade service availability.

    • TCP Slow Data (Slowloris) Protection

      Identifies slow, incomplete connections designed to hold server resources open.

    • IP Fragmentation Protection

      Protects against malformed or fragmented packets used to evade detection or overwhelm systems.

    These mechanisms ensure stable network operation and prevent resource exhaustion at the transport layer.

    • Application-Level Protection

      Application-layer DoS protection focuses on HTTP/HTTPS and DNS traffic to prevent abuse targeting application resources.

      • HTTP Access Control

        Limits the number of requests or connections from clients to prevent excessive usage and resource exhaustion.

      • HTTP Connection Flood Protection

        Detects and mitigates large volumes of simultaneous connection attempts that can overwhelm application servers.

      • HTTP Request Flood Protection

        Identifies high-rate request bursts targeting application endpoints and applies rate limiting or blocking.

      • DNS Flood Protection

        Protects against:

        • DNS Query Floods – excessive DNS requests targeting the service

        • DNS Reverse Floods – abuse of reverse lookup mechanisms

      These controls ensure that application services remain responsive even under heavy or malicious traffic conditions.

    • Flexible Policy Control

      FortiADC enables granular and customizable DoS protection through policy-based configuration:

      • DoS Protection Profiles

        Define thresholds, detection methods, and actions (e.g., block, rate-limit, or monitor).

      • Exception Policies

        Allow trusted source IP addresses to bypass DoS protections, enabling fine-tuned control and reducing false positives.

      • Traffic Pattern Tuning

        Policies can be adjusted based on normal traffic behavior to balance security and performance.

    For more information, see DoS Protection in FortiADC Administration Guide.

    Previous
    Next