Protection profile settings

This section of the Service Protection Policy (SPP) lets you associate mitigation features with the SPP. Every SPP can link to profiles for the mitigation features for IP, ICMP, TCP, HTTP, SSL/TLS, NTP, DNS, DTLS and QUIC.

SPP Profiles for the above features are created via Service Protection > IP Profile | ICMP Profile | TCP Profile | HTTP Profile | SSL/TLS Profile | NTP Profile | DNS Profile | DTLS Profile | QUIC Profile.

Note:

  • Each SPP can only be associated with one profile of each type at a time.

  • Every SPP should have a profile of each of the above types associated with it. Failure to do so can severely limit DDoS mitigation.

To configure using the CLI:

config ddos spp rule
  edit <spp_name>
    set http-profile <http_profile_name>
    set ntp-profile <ntp_profile_name>
    set dns-profile <dns_profile_name>
    set tcp-profile <tcp_profile_name>
    set ssltls-profile <ssltls_profile_name>
    set ip-profile <ip_profile_name>
    set icmp-profile <icmp_profile_name>
    set dtls-profile <dtls_profile_name>
    set quic-profile <quic_profile_name>
  next
end
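
One way to check the note above (every SPP has a profile of each type) against a saved configuration. This is an added example, not Fortinet code. It assumes the saved configuration uses the same config ddos spp rule / edit / set / next / end layout as the CLI syntax above; the sample text and all SPP and profile names in it are constructed.

```python
# Profile keys taken from the CLI syntax on this page.
REQUIRED = ("ip-profile", "icmp-profile", "tcp-profile", "http-profile",
            "ssltls-profile", "ntp-profile", "dns-profile",
            "dtls-profile", "quic-profile")

# Constructed sample input; SPP and profile names are hypothetical.
SAMPLE = "\n".join(
    ["config ddos spp rule", 'edit "web-spp"']
    + [f'set {key} "{key}-default"' for key in REQUIRED]
    + ["next", 'edit "dns-spp"', 'set ip-profile "ip-default"',
       'set dns-profile "dns-strict"', 'set quic-profile ""',
       "next", "end"])


def audit_spp_profiles(config_text):
    """Return {spp_name: [missing profile keys]} for incomplete SPPs."""
    findings, in_rules, depth, spp, seen = {}, False, 0, None, set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_rules:
            in_rules = line == "config ddos spp rule"
        elif line.startswith("config "):
            depth += 1                      # nested block inside an SPP entry
        elif line == "end":
            if depth:
                depth -= 1
            else:
                in_rules = False            # end of the SPP rule table
        elif depth:
            continue                        # ignore settings of nested blocks
        elif line.startswith("edit "):
            spp, seen = line[5:].strip().strip('"'), set()
        elif line.startswith("set ") and spp is not None:
            parts = line.split(None, 2)
            # An unset or empty value counts as "no profile associated".
            if len(parts) == 3 and parts[1] in REQUIRED and parts[2].strip('"'):
                seen.add(parts[1])
        elif line == "next" and spp is not None:
            missing = [key for key in REQUIRED if key not in seen]
            if missing:
                findings[spp] = missing
            spp = None
    return findings


if __name__ == "__main__":
    for name, missing in audit_spp_profiles(SAMPLE).items():
        print(f"{name}: missing {', '.join(missing)}")
```

An empty result means every SPP in the text has all nine profile types set.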
