Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    6.5.0
    7.0.3
    7.0.1
    7.0.0
    6.6.3
    6.6.3
    6.6.1
    6.6.0
    6.5.1
    6.5.0
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.1

    Cloud Signaling

    Cloud Signaling

    The Service Provider Signaling feature enables small/medium businesses and enterprises to work with participating service providers to route traffic through a "scrubbing station" in the service provider network (SP) before it is forwarded through the WAN link to the customer premises network (CP).

    For details on deployments with signaling between FortiDDoS devices, see Service Protection.

    For information on deployments with signaling to 3rd-party Cloud DDoS Mitigation services, please contact your local sales team or Fortinet TAC.

    Note: You must use mgmt1 port for signaling. If FortiDDoS is behind a web proxy, configure Tunneling settings under IP Reputation.

    Before you begin:

    • You must have Read-Write permission for Global Settings.
    • Please make sure the following settings are configured in SPP rule:
      • Cloud signaling status is enabled under Service Protection > Service Protection Policy > {SPP Rule} > Service Protection Policy
      • Configure Signaling Threshold (KPPS or Mbps or both) for selected subnet under Service Protection > Service Protection Policy > {SPP Rule} > Service Protection Policy > Protection Subnets
    To configure service provider signaling:
    1. Go to Global Protection > Cloud Signaling.
    2. Click Add to display the configuration editor.
    3. Complete the configuration as described in the following table.
    4. Save the configuration.

    Settings

    Guidelines

    Cloud Signaling Mode

    Customer Premises Service Provider

    Signaling Timeout

    Timeout after which System will re-investigate if traffic is passed Signaling Threshold

    Customer Premises FDD

    Status

    Enable or Disable

    Name

    Configuration name. Must not contain spaces.

    Device Type

    FortiDDoS—If the service provider uses FortiDDoS, select this option and complete the fields described next.

    Third Party—If the service provider has a cloud mitigation service, select this option and specify the account ID, shared secret, and URL expected by the third party.

    Serial Number

    Serial number of the FortiDDoS in the service provider network. The serial number configuration is case sensitive. Be careful to enter the serial number exactly as it is provided to you.

    Shared Secret

    Must match the string configured on the SP FortiDDoS. (Allowed characters are a-Z and 0-9)

    Note: Once entered, the Shared Secret/API Key is not displayed on GUI nor in CLI and cannot be recovered. If forgotten, a new matching key must be entered for the paired devices.

    Address Type

    IPv4 or IPv6

    Service Provider IP address

    IP address of the SP FortiDDoS management interface.

    Service Provider FDD

    Name

    Configuration name. Must not contain spaces.

    Customer Premises FDD Serial Number

    Serial number of the FortiDDoS in the customer premises network. The serial number configuration is case sensitive. Be careful to enter the serial number exactly as it is provided to you.

    Shared Secret

    Must match the string configured on the CP FortiDDoS. (Allowed characters are a-A and 0-9)

    Customer Premises FDD IP Version

    IPv4 or IPv6

    Customer Premises IP address

    IP address of the CP FortiDDoS management interface.

    Cloud Signaling/Third Party mitigation

    Name

    Configuration name. Must not contain spaces.

    Device Type

    Third Party

    Shared Secret

    Obtain from the Cloud Mitigation provider. Allowed characters: A-Z, a-z, 0-9, no spaces. Max 19 characters.

    Account ID

    User account provided by the Cloud Mitigation provider

    SP URL

    Listening Signaling URL provided by the Cloud Mitigation provider

    Tooltip

    To configure using the CLI:

    config ddos global cloud-signaling

    set mode { customer-premises | service-provider }

    set timeout <integer>

    config devices

    edit <device_name>

    set enable { enable | disable }

    set device-type { FortiDDoS | Third-Party }

    set serial-number <string>

    set shared-secret <passwd>

    set address-type { ipv4 | ipv6 }

    set ipv4-address <ipv4_addr>

    set ipv6-address <ipv6_addr>

    set account-id <string>

    set url <string>

    next

    end

    end
    Previous
    Next

    Cloud Signaling

    Cloud Signaling

    The Service Provider Signaling feature enables small/medium businesses and enterprises to work with participating service providers to route traffic through a "scrubbing station" in the service provider network (SP) before it is forwarded through the WAN link to the customer premises network (CP).

    For details on deployments with signaling between FortiDDoS devices, see Service Protection.

    For information on deployments with signaling to 3rd-party Cloud DDoS Mitigation services, please contact your local sales team or Fortinet TAC.

    Note: You must use mgmt1 port for signaling. If FortiDDoS is behind a web proxy, configure Tunneling settings under IP Reputation.

    Before you begin:

    • You must have Read-Write permission for Global Settings.
    • Please make sure the following settings are configured in SPP rule:
      • Cloud signaling status is enabled under Service Protection > Service Protection Policy > {SPP Rule} > Service Protection Policy
      • Configure Signaling Threshold (KPPS or Mbps or both) for selected subnet under Service Protection > Service Protection Policy > {SPP Rule} > Service Protection Policy > Protection Subnets
    To configure service provider signaling:
    1. Go to Global Protection > Cloud Signaling.
    2. Click Add to display the configuration editor.
    3. Complete the configuration as described in the following table.
    4. Save the configuration.

    Settings

    Guidelines

    Cloud Signaling Mode

    Customer Premises Service Provider

    Signaling Timeout

    Timeout after which System will re-investigate if traffic is passed Signaling Threshold

    Customer Premises FDD

    Status

    Enable or Disable

    Name

    Configuration name. Must not contain spaces.

    Device Type

    FortiDDoS—If the service provider uses FortiDDoS, select this option and complete the fields described next.

    Third Party—If the service provider has a cloud mitigation service, select this option and specify the account ID, shared secret, and URL expected by the third party.

    Serial Number

    Serial number of the FortiDDoS in the service provider network. The serial number configuration is case sensitive. Be careful to enter the serial number exactly as it is provided to you.

    Shared Secret

    Must match the string configured on the SP FortiDDoS. (Allowed characters are a-Z and 0-9)

    Note: Once entered, the Shared Secret/API Key is not displayed on GUI nor in CLI and cannot be recovered. If forgotten, a new matching key must be entered for the paired devices.

    Address Type

    IPv4 or IPv6

    Service Provider IP address

    IP address of the SP FortiDDoS management interface.

    Service Provider FDD

    Name

    Configuration name. Must not contain spaces.

    Customer Premises FDD Serial Number

    Serial number of the FortiDDoS in the customer premises network. The serial number configuration is case sensitive. Be careful to enter the serial number exactly as it is provided to you.

    Shared Secret

    Must match the string configured on the CP FortiDDoS. (Allowed characters are a-A and 0-9)

    Customer Premises FDD IP Version

    IPv4 or IPv6

    Customer Premises IP address

    IP address of the CP FortiDDoS management interface.

    Cloud Signaling/Third Party mitigation

    Name

    Configuration name. Must not contain spaces.

    Device Type

    Third Party

    Shared Secret

    Obtain from the Cloud Mitigation provider. Allowed characters: A-Z, a-z, 0-9, no spaces. Max 19 characters.

    Account ID

    User account provided by the Cloud Mitigation provider

    SP URL

    Listening Signaling URL provided by the Cloud Mitigation provider

    Tooltip

    To configure using the CLI:

    config ddos global cloud-signaling

    set mode { customer-premises | service-provider }

    set timeout <integer>

    config devices

    edit <device_name>

    set enable { enable | disable }

    set device-type { FortiDDoS | Third-Party }

    set serial-number <string>

    set shared-secret <passwd>

    set address-type { ipv4 | ipv6 }

    set ipv4-address <ipv4_addr>

    set ipv6-address <ipv6_addr>

    set account-id <string>

    set url <string>

    next

    end

    end
    Previous
    Next