What's new
New features
FortiDDoS 6.1.0 is built on the feature base of FortiDDoS B/E-Series with these notable additions:
- VM support in several hypervisor environments
- NTP from E-Series on all models
- Additional SSL DDoS Mitigation settings
- 16x SPPs in 1500F
- The System Recommendation changes from 5.4.0 (Separate L4 Scalars/ICMP / TCP Ports / UDP Port) are included
- DNS Rcode Scalars are included in Traffic Statistics and System Recommendation
- NTP Scalars are included in Traffic Statistics and System Recommendations
- Split System Recommendation for Layer 4 Scalars/ICMP, TCP Ports and UDP Ports included from B/E 5.4.0
- Common UDP Source Reflection Ports are pre-populated in Global Service definitions for use with Global or SPP ACLs
- Service port definitions support Source Port or Destination Port. Source Port ACLs are very useful for permanently blocking known UDP reflection ports.
- IP Address / Subnets definitions are created in the System menu and then assigned to Global or SPP ACLs, reducing multiple entries.
- Bogons IPs and/or Multicast IPs can be ACLed with option selection in any SPP.
- SPPs replace feature tabs with multiple Profiles for IP, ICMP, TCP, HTTP, SSL/TLS, NTP and DNS. One Profile can be used by multiple SPPs, or one SPP can use multiple Profiles (TCP Detection and TCP Prevention, for example).
- Source MAC address for aggressive aging is configurable per SPP, if needed
- Strict Anomalies options are now included in several SPP Profile pages for Layer 2 to Layer 7 options.
- Cloud Signaling Thresholds are entered in both pps and Mbps (crossing either triggers Signaling). Thresholds are now per SPP Policy (subnet).
- SPP Policies (subnets) are entered for each Service Protection Policy (SPP) instead of globally.
- Explicit TCP thresholds are added for DNS Query, Question Count, Fragment, MX and ALL. B/E-Series has TCP Thresholds but they are hidden and the same as the UDP Thresholds.
- IP Reputation and Domain Reputation are included in IP and DNS Profiles and thus are optional per SPP.
- SSL/TLS Profile includes additional Cipher Anomaly option
- tcpdump-style packet capture
- Several formerly-global features such as IP Reputation are now set per SPP for better control
- Additional Known Method Anomalies available
Removed/Changed/Deferred Features
B/E-Series Functionality not included in this release:
- Support for FortiDDoS-CM Central Manager
- Security Fabric Integration with FortiOS Dashboard
- GTP-U support
- Distress ACL or Auto-Distress ACL
- Multi-tenant support (SPP or SPP Policy Group)
- Fewer files included in Offline analysis file
- SPP Backup/Restore
- Attack Reports are Global only and are on-demand or on-schedule only. Report periods are Last 7 Days, Last Month or Last year only. (Removed per-SPP, per-SPP Policy, per-SPP Policy Group reports, on-Threshold reports and some time periods)
- REST API changes and requires documentation
- Log & Report > DDoS Attack Graphs
- SPP Policy Groups
- Log & Report > Diagnostics
- SPP-to-SPP Switching Policies
- Restrict DNS Queries to specific subnets
- System Recommendation Option for Actual or System Max Outbound Threshold (5.4.0)
- Traffic Statistics Option for Peak or 95th Percentile Traffic (5.4.0)
- Syslog RFC 5424 or Fortinet proprietary secure "OFTP" protocol (5.4.0)
- CLI Commands for IP Reputation or Domain Reputation updates (5.4.0)
- Search for IP addresses within various ACLs (5.3.0)
VM limits
- VMs do not support Fail-Open option. Fail-Open support will be determined by the underlying server
- TCP Port Thresholds are calculated to 65,535 but Thresholds/Ranges are created for ports 1-1023 with one range for ports above 1023.
- TCP Port Graphs display traffic and drops for Ports 1-1023. Port 1024 displays peak traffic rate for any port from 1024-65,535 and total drops associated with any of those ports. Attack logs show full port range 1-65,535.
- UDP Port Thresholds are calculated to 65,535 but Thresholds/Ranges are created for 1-10,239 only with one range above that.
- UDP Port Graphs display traffic and drops for Ports 1-10,239. Port 10,240 displays peak traffic rate for any port from 10,240-65,535 and total drops associated with any of those ports. Attack logs show full port range 1-65,535 as well as reflected attack drops from ports 1-9,999.
- ICMP Type/Code Thresholds are calculated from 0-65,535 but Threshold/Ranges are created for 0-10,239 only. Indexes from 10,240 to 65,535 are included in one range.
- ICMP Type/Code graphs show indexes from 0/0 to 39/255 with all others showing in 40/0. Attack logs will show drops for Types/Codes for all Types/Codes from 0/0 to 255/255.
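The VM graph aggregation in the list above, as an added Python example that is not Fortinet code: it maps a port or ICMP type/code taken from an attack log to the graph slot where a VM displays it. The function names are hypothetical, the sample entries are constructed, and the ICMP index formula (type x 256 + code) is an assumption inferred from 39/255 corresponding to index 10,239.

```python
# Added example: VM graph bucketing as described in the "VM limits" list.
# Function names are hypothetical; they are not FortiDDoS API calls.

TCP_OVERFLOW_PORT = 1024      # graph slot for TCP ports 1024-65,535
UDP_OVERFLOW_PORT = 10240     # graph slot for UDP ports 10,240-65,535
ICMP_OVERFLOW_INDEX = 10240   # graph slot 40/0 for all higher type/code indexes


def graph_port(protocol: str, port: int) -> int:
    """Return the port number under which a VM graph shows this port."""
    if not 1 <= port <= 65535:  # the page gives port ranges starting at 1
        raise ValueError(f"port out of range: {port}")
    overflow = {"tcp": TCP_OVERFLOW_PORT, "udp": UDP_OVERFLOW_PORT}
    try:
        limit = overflow[protocol.lower()]
    except KeyError:
        raise ValueError(f"unsupported protocol: {protocol}") from None
    return port if port < limit else limit


def icmp_index(icmp_type: int, code: int) -> int:
    """Assumed index: type * 256 + code (39/255 -> 10,239, 40/0 -> 10,240)."""
    if not (0 <= icmp_type <= 255 and 0 <= code <= 255):
        raise ValueError(f"invalid ICMP type/code: {icmp_type}/{code}")
    return icmp_type * 256 + code


def graph_icmp(icmp_type: int, code: int) -> str:
    """Return the type/code label under which a VM graph shows this pair."""
    index = min(icmp_index(icmp_type, code), ICMP_OVERFLOW_INDEX)
    return f"{index // 256}/{index % 256}"


def graph_slots(log_entries):
    """Group attack-log entries by the graph slot that displays them."""
    slots = {}
    for proto, a, b in log_entries:
        icmp = proto == "icmp"
        key = (proto, graph_icmp(a, b) if icmp else graph_port(proto, a))
        slots.setdefault(key, []).append((a, b) if icmp else a)
    return slots


# Constructed sample entries: (protocol, port, None) or ("icmp", type, code).
SAMPLE = [("tcp", 443, None), ("tcp", 8443, None), ("tcp", 50000, None),
          ("udp", 53, None), ("udp", 11211, None), ("udp", 3702, None),
          ("icmp", 8, 0), ("icmp", 128, 0), ("icmp", 40, 1)]

if __name__ == "__main__":
    for slot, members in graph_slots(SAMPLE).items():
        print(slot, "<-", members)
```

A graph slot that collects several log entries (TCP 1024, UDP 10,240, ICMP 40/0) is an aggregate, so the attack log is the place to identify the individual port or type/code.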