Fortinet black logo

Handbook

Home FortiDDoS-F 6.3.3 Handbook

Emergency Setup

6.3.3
7.0.0
6.6.3
6.6.3
6.6.1
6.6.0
6.5.1
6.5.0
6.4.1
6.4.0
6.3.3
6.3.2
6.3.1
6.2.3
6.2.2
6.2.1
6.2.0
6.1.1
Copy Link
Copy Doc ID 369dfb00-033f-11ed-bb32-fa163e15d75b:137822
Download PDF

Emergency Setup

You can use the emergency setup option to set adjust only certain key thresholds based on empirical knowledge. You can expect these adjustments to protect against common attacks. For example, if you are already under attack, you can use emergency setup to deploy the unit without an initial learning period.

Warning: The thresholds set by Emergency Setup are a fraction of the full configuration and they are designed for use with smaller networks (less than 1Gbps). Always leave the Service Protection Profile in Detection Mode when using Emergency Setup until you can see if these thresholds impact legitimate traffic.

Before you begin:

You must have Read-Write permission for Protection Profile settings.

To apply SPP threshold settings:
  1. Go to Service Protection > Service Protection Policy.
  2. Select the {SPP Rule} you want to configure from table.
  3. Select tab Threshold Settings
  4. Select tab Emergency Setup
  5. Make changes to all threshold settings as per requirement
  6. Click Apply to Thresholds.
  7. Click Reset Emergency Setup to all default threshold values.

To configure using the CLI:

config ddos spp emergency-setup-profile

edit emergency

set threshold-inbound-concurrent-connections-per-source-threshold <Inbound Concurrent Connections per Source Threshold>

set threshold-inbound-most-active-source-threshold <Inbound Most Active Source Threshold>

set threshold-inbound-syn-per-source-threshold <Inbound SYN/source Threshold>

set threshold-inbound-syn-threshold <Inbound SYN Threshold>

set threshold-outbound-concurrent-connections-per-source-threshold <Outbound Concurrent Connections per Source Threshold>

set threshold-outbound-most-active-source-threshold <Outbound Most Active Source Threshold>

set threshold-outbound-syn-per-source-threshold <Outbound SYN/source Threshold>

set threshold-outbound-syn-threshold <Outbound SYN Threshold>

next

end

execute thresholds-emergency-setup spp <rule_name> profile <emergency_prof_name>
To Reset SPP Emergency Setup threshold settings to factory default:
  1. Go to Service Protection > Service Protection Policy.
  2. Select the SPP you want to configure from table.
  3. Select tab Threshold Settings
  4. Select tab Emergency Setup
  5. Make changes to all threshold settings as per requirement
  6. Click Reset Emergency Setup to all default threshold values.
Previous
Next

Emergency Setup

You can use the emergency setup option to set adjust only certain key thresholds based on empirical knowledge. You can expect these adjustments to protect against common attacks. For example, if you are already under attack, you can use emergency setup to deploy the unit without an initial learning period.

Warning: The thresholds set by Emergency Setup are a fraction of the full configuration and they are designed for use with smaller networks (less than 1Gbps). Always leave the Service Protection Profile in Detection Mode when using Emergency Setup until you can see if these thresholds impact legitimate traffic.

Before you begin:

You must have Read-Write permission for Protection Profile settings.

To apply SPP threshold settings:
  1. Go to Service Protection > Service Protection Policy.
  2. Select the {SPP Rule} you want to configure from table.
  3. Select tab Threshold Settings
  4. Select tab Emergency Setup
  5. Make changes to all threshold settings as per requirement
  6. Click Apply to Thresholds.
  7. Click Reset Emergency Setup to all default threshold values.

To configure using the CLI:

config ddos spp emergency-setup-profile

edit emergency

set threshold-inbound-concurrent-connections-per-source-threshold <Inbound Concurrent Connections per Source Threshold>

set threshold-inbound-most-active-source-threshold <Inbound Most Active Source Threshold>

set threshold-inbound-syn-per-source-threshold <Inbound SYN/source Threshold>

set threshold-inbound-syn-threshold <Inbound SYN Threshold>

set threshold-outbound-concurrent-connections-per-source-threshold <Outbound Concurrent Connections per Source Threshold>

set threshold-outbound-most-active-source-threshold <Outbound Most Active Source Threshold>

set threshold-outbound-syn-per-source-threshold <Outbound SYN/source Threshold>

set threshold-outbound-syn-threshold <Outbound SYN Threshold>

next

end

execute thresholds-emergency-setup spp <rule_name> profile <emergency_prof_name>
To Reset SPP Emergency Setup threshold settings to factory default:
  1. Go to Service Protection > Service Protection Policy.
  2. Select the SPP you want to configure from table.
  3. Select tab Threshold Settings
  4. Select tab Emergency Setup
  5. Make changes to all threshold settings as per requirement
  6. Click Reset Emergency Setup to all default threshold values.
Previous
Next