Step 10: Deploy the system in Prevention Mode

After you have set the statistical baseline and evaluated the configured minimum thresholds, you change to Prevention Mode. In Prevention Mode, the system uses the configured minimum threshold in its calculations that determine the estimated thresholds. The estimated thresholds are rate limits that are enforced by packet drops. The estimated thresholds are also the triggers for reporting flood attacks and entering SYN flood attack mitigation mode.

Repeat the tuning as needed: monitor observed throughput, estimated thresholds, and drops; adjust the configured minimum thresholds; monitor; adjust.

For details, refer to Service Protection Policy Overview and Modifying thresholds.

  1. Go to Service Protection > Service Protection Policy > {SPP rule} > Service Protection Policy and change the configuration to Prevention Mode. Do this for each SPP.
  2. Create a TCP Profile under Service Protection > TCP Profile and enable the recommended TCP session state anomalies options.
  3. Continue to monitor traffic.
  4. Tune the configuration if necessary. Go to Service Protection > Service Protection Policy > {SPP rule} > Thresholds to set rates manually, or go to Service Protection > Service Protection Policy > {SPP rule} > System Recommendation to adjust the percentages applied at OSI layers or to adjust the low traffic threshold.
