Fortinet white logo
Fortinet white logo

Handbook

Configuring Service Protection Policies

Configuring Service Protection Policies

To create a Service Protection Policy:

On the Service Protection Policy tab, click Create New. You can Name and save this for later configuration or proceed to Service Protection Policy Feature Settings below.

Note:

  • Creating a new SPP rule may be disallowed if the system reaches the maximum limit of SPP rules per platform.

New SPPs are enabled by default. You may set the SPP Status to disabled but disabled SPPs do not monitor any traffic, even if the SPP has configured Protection Subnets. All traffic is directed to the SPP with the next longest prefix or to the default SPP. Instead of disabling an SPP, put the SPP in Detection mode (also default) where no traffic is dropped.

Tooltip

To configure using the CLI:

config ddos spp rule

edit <spp_name>

next

end

To edit SPP rule:

Double click the SPP Rule entry and modify the existing configuration.

This action may not be allowed if the SPP Rule Reset Action is in progress

Tooltip

To configure using the CLI:

config ddos spp rule

edit <spp_name>

next

end

To reset SPP rule:

Click the Reset button for each SPP rule entry.

This action is used to reset all Configuration and Traffic data associated with the SPP Rule.

SPP RRD Reset operation from CLI is not allowed while SPP Reset operation is in progress.

Tooltip

To configure using the CLI:

execute spp-factory-reset spp <spp_name>

To delete SPP rule:

Check the boxes next to the SPP rules you want to delete and then click the Delete button.

This action is not applicable to the default SPP Rule.

Tooltip

To configure using the CLI:

config ddos spp rule

delete <spp_name>

next

end

Navigating between Service Protection Policies

When editing any Service Protection Policy rule, a drop-down menu is available to change SPPs. If you have made changes on the current page, the system will confirm if you want to save those changes before switching SPPs.

Configuring Service Protection Policies

Configuring Service Protection Policies

To create a Service Protection Policy:

On the Service Protection Policy tab, click Create New. You can Name and save this for later configuration or proceed to Service Protection Policy Feature Settings below.

Note:

  • Creating a new SPP rule may be disallowed if the system reaches the maximum limit of SPP rules per platform.

New SPPs are enabled by default. You may set the SPP Status to disabled but disabled SPPs do not monitor any traffic, even if the SPP has configured Protection Subnets. All traffic is directed to the SPP with the next longest prefix or to the default SPP. Instead of disabling an SPP, put the SPP in Detection mode (also default) where no traffic is dropped.

Tooltip

To configure using the CLI:

config ddos spp rule

edit <spp_name>

next

end

To edit SPP rule:

Double click the SPP Rule entry and modify the existing configuration.

This action may not be allowed if the SPP Rule Reset Action is in progress

Tooltip

To configure using the CLI:

config ddos spp rule

edit <spp_name>

next

end

To reset SPP rule:

Click the Reset button for each SPP rule entry.

This action is used to reset all Configuration and Traffic data associated with the SPP Rule.

SPP RRD Reset operation from CLI is not allowed while SPP Reset operation is in progress.

Tooltip

To configure using the CLI:

execute spp-factory-reset spp <spp_name>

To delete SPP rule:

Check the boxes next to the SPP rules you want to delete and then click the Delete button.

This action is not applicable to the default SPP Rule.

Tooltip

To configure using the CLI:

config ddos spp rule

delete <spp_name>

next

end

Navigating between Service Protection Policies

When editing any Service Protection Policy rule, a drop-down menu is available to change SPPs. If you have made changes on the current page, the system will confirm if you want to save those changes before switching SPPs.