Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    6.4.0
    7.0.3
    7.0.1
    7.0.0
    6.6.3
    6.6.3
    6.6.1
    6.6.0
    6.5.1
    6.5.0
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.1

    Settings

    Settings

    Setting

    Description
    Out of Memory Mode

    Tables in FortiDDoS models are sized to exceed high flood conditions. In the very unlikely event that Memory tables such as Source, Destination, and Session tables fill under flood, the system provides an option to drop packets that exceed the capacity of the tables or to bypass those packets with no mitigation.

    Select either of the following options:

    • Drop — This is the preferred option since the tables will only fill under severe flood (or misconfigured systems).

    • Bypass — This is the default option.
    SSL Hardware Mode

    Enable/disable the SSL Hardware Mode. The default option is enable.

    FortiDDoS models FDD-1500F and FDD-2000F can use an embedded hardware module to assist with SSL inspection.

    With the SSL Hardware Mode enabled, depending on the SSL certificates, FortiDDoS will:

    • Decrypt traffic to inspect for HTTP rate and anomaly parameters such as Method Floods and HTTP Anomalies.

    • Drop over-threshold and anomalous packets.

    • Re-encrypt forwarded packets to the server.

    Note: Attempting to inspect SSL packets on the model FDD-200F or VM04/08/16 can have significant impact on system performance and is not recommended. Enabling Hardware Mode on these models has no effect.

    To configure using the CLI: 

    config ddos global settings
   set out-of-memory-mode {Bypass|Drop}
   set ssl-hardware-mode {enable|disable}  Note: This command is not available on 200F or VM models.
end
    Previous
    Next

    Settings

    Settings

    Setting

    Description
    Out of Memory Mode

    Tables in FortiDDoS models are sized to exceed high flood conditions. In the very unlikely event that Memory tables such as Source, Destination, and Session tables fill under flood, the system provides an option to drop packets that exceed the capacity of the tables or to bypass those packets with no mitigation.

    Select either of the following options:

    • Drop — This is the preferred option since the tables will only fill under severe flood (or misconfigured systems).

    • Bypass — This is the default option.
    SSL Hardware Mode

    Enable/disable the SSL Hardware Mode. The default option is enable.

    FortiDDoS models FDD-1500F and FDD-2000F can use an embedded hardware module to assist with SSL inspection.

    With the SSL Hardware Mode enabled, depending on the SSL certificates, FortiDDoS will:

    • Decrypt traffic to inspect for HTTP rate and anomaly parameters such as Method Floods and HTTP Anomalies.

    • Drop over-threshold and anomalous packets.

    • Re-encrypt forwarded packets to the server.

    Note: Attempting to inspect SSL packets on the model FDD-200F or VM04/08/16 can have significant impact on system performance and is not recommended. Enabling Hardware Mode on these models has no effect.

    To configure using the CLI: 

    config ddos global settings
   set out-of-memory-mode {Bypass|Drop}
   set ssl-hardware-mode {enable|disable}  Note: This command is not available on 200F or VM models.
end
    Previous
    Next