Fortinet black logo

Handbook

Getting Started

Copy Link
Copy Doc ID 603e8323-b78c-11ec-9fd1-fa163e15d75b:781506
Download PDF

Getting Started

This section provides the basic work-flow for getting started with a new deployment.

Basic steps:
  1. Install the appliance.
  2. Configure the management interface.
  3. Configure the following basic network settings:
  • Administrator password
  • System date and time
  • Network interfaces
  • DNS
  • Test connectivity.
  • Complete product registration, install your license, and update the firmware.
  • Deploy the system in Detection Mode for 2-7 days.
  • Generate traffic statistics, review them, and set SPP thresholds to the system recommended values.
  • Continue to monitor throughput rates and attacks, and adjust thresholds as needed.
  • Deploy the system in Prevention Mode.
  • Back up this basic configuration so that you have a restore point.
  • Tips:
    • Configuration changes are applied to the running configuration as soon as you save them.
    • Configuration objects are saved in a configuration management database. You cannot change the name of a configuration object after you have initially saved it.
    • You cannot delete a configuration object that is referenced in another configuration object (for example, you cannot delete an address if it is used in a policy).

    Note:

    If you are using Internet access links from multiple service providers, and both links do not connect to the same FortiDDoS, BGP will likely create asymmetric traffic where FortiDDoS will only see a portion of TCP handshakes. See Understanding FortiDDoS Asymmetric Mode to configure your FortiDDoS correctly.

    Getting Started

    This section provides the basic work-flow for getting started with a new deployment.

    Basic steps:
    1. Install the appliance.
    2. Configure the management interface.
    3. Configure the following basic network settings:
    • Administrator password
    • System date and time
    • Network interfaces
    • DNS
  • Test connectivity.
  • Complete product registration, install your license, and update the firmware.
  • Deploy the system in Detection Mode for 2-7 days.
  • Generate traffic statistics, review them, and set SPP thresholds to the system recommended values.
  • Continue to monitor throughput rates and attacks, and adjust thresholds as needed.
  • Deploy the system in Prevention Mode.
  • Back up this basic configuration so that you have a restore point.
  • Tips:
    • Configuration changes are applied to the running configuration as soon as you save them.
    • Configuration objects are saved in a configuration management database. You cannot change the name of a configuration object after you have initially saved it.
    • You cannot delete a configuration object that is referenced in another configuration object (for example, you cannot delete an address if it is used in a policy).

    Note:

    If you are using Internet access links from multiple service providers, and both links do not connect to the same FortiDDoS, BGP will likely create asymmetric traffic where FortiDDoS will only see a portion of TCP handshakes. See Understanding FortiDDoS Asymmetric Mode to configure your FortiDDoS correctly.