Configuring Do Not Track / Track and Allow policies


Use these policies to specify the IP addresses to which FortiDDoS applies Do Not Track or Track and Allow.

  • Do Not Track—Does not monitor or track traffic to or from the configured IP addresses in any way
  • Track and Allow—Monitors and reports but does not restrict traffic to/from the configured IP addresses
Caution

Use these allow-list policies with extreme care. No mitigation is performed when either of these policies is applied. Avoid using these policies for your protected IP addresses.

Do Not Track traffic is completely invisible to FortiDDoS, with no monitoring or mitigation.

Track and Allow traffic is visible, displaying on graphs and logs with virtual drops (like a mini-Detection Mode), but it may not be obvious from the displayed information that the traffic is not being blocked.

Before you begin:
To configure a Do Not Track / Track and Allow policy:
  1. Go to Global Protection > Do Not Track Policy > IPv4 or IPv6.
  2. Click Create New.
  3. Complete the configuration as described in the table below.
  4. Save the configuration.

Settings and guidelines

Name
  Configuration name. a-Z, 0-9, -, _ only (no spaces).

Do Not Track IP Address
  Dropdown menu of IP Addresses, Subnets or IP Ranges previously configured in System > Address and Service.
  Note: Do Not Track does not support Geolocation, Groups or Services.

Action
  • Track and Allow—Traffic is not dropped for any reason. Traffic is monitored and virtual drops are displayed in graphs and logs. Traffic is included in Traffic Statistics for Threshold settings.
  • Do Not Track—Traffic is invisible: no monitoring, no graphs, logs or drops of any kind.

Configured policies are shown on the Do Not Track Policy page. You can Edit, Delete, and Clone policies from the GUI using the icons on the right.
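
The caution above can be checked offline before a policy is saved. The following is an added example, not Fortinet code: it flags policy entries that overlap protected address space or break the naming rule. The tuple layout, the action labels "do-not-track" and "track-and-allow", and all sample addresses are assumptions constructed for illustration and are not a FortiDDoS export format.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z0-9_-]+")  # naming rule from the table: a-Z, 0-9, -, _ (no spaces)

def to_networks(spec):
    """Expand an IP address, subnet (CIDR) or 'start-end' range into a list of networks."""
    if "-" in spec:
        start, end = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(spec.strip(), strict=False)]

def audit(policies, protected):
    """Return (policy name, finding, detail) tuples for risky or malformed entries."""
    protected_nets = [n for spec in protected for n in to_networks(spec)]
    findings = []
    for name, action, spec in policies:
        if not NAME_RE.fullmatch(name):
            findings.append((name, "invalid-name", spec))
        for net in to_networks(spec):
            hits = [p for p in protected_nets
                    if p.version == net.version and p.overlaps(net)]
            if hits:
                # Do Not Track leaves no graphs or logs, so rank it above Track and Allow.
                severity = "high" if action == "do-not-track" else "medium"
                findings.append((name, f"overlaps-protected:{severity}", str(hits[0])))
                break  # one finding per policy is enough
    return findings

# Constructed sample data using documentation address ranges (hypothetical).
PROTECTED = ["203.0.113.0/24", "2001:db8:10::/48"]
POLICIES = [
    ("scanner_allow", "track-and-allow", "198.51.100.7"),
    ("mgmt-bypass", "do-not-track", "203.0.113.200-203.0.113.210"),
    ("v6 partner", "track-and-allow", "2001:db8:10:5::/64"),
]

if __name__ == "__main__":
    for finding in audit(POLICIES, PROTECTED):
        print(finding)
```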
