Fortinet white logo
Fortinet white logo

Handbook

SPP Profiles Overview

SPP Profiles Overview

The Service Protection Policy Profile configurations for IP, ICMP, TCP, HTTP, SSL/TLS, NTP, DNS, DTLS and QUIC includes key feature settings that might vary among SPPs. It is IMPORTANT to configure these and assign each type of SPP Profile to the SPPs. SPPs without SPP Profiles assigned to them will not mitigate fully.

A single Profile may be used for many SPPs and/or a Single SPP may use multiple Profiles for the same parameters (e.g. a TCP Profile for Detection Mode and one for Prevention Mode). Only one SPP Profile of each type can be assigned to an SPP at one time (there is no switching of SPP Profiles between Detection and Prevention, for example - they must be changed manually).

You can edit SPP Profiles when they are assigned to an SPP but keep in mind that if that SPP Profile is assigned to multiple SPPs, the changes will affect them all.

A maximum of 64 SPP Profiles can be created for each of the SPP Profile Types above.

Before you begin:
  • You must have a good understanding of the features You want to enable. Refer to Key Concepts.
  • You must have Read-Write permission for Protection Profile settings.
To configure SPP Profiles:
  1. Go to Service Protection and select a Profile you want to configure ( IP | ICMP | TCP | HTTP | SSL/TLS | NTP | DNS | DTLS | QUIC).
  2. Select:
    1. + Create New to create a new Profile.
    2. Edit (pencil icon) at the right of any row from an existing list of Profiles to edit that Profile.
    3. Clone (two pages icon) at the right of any row to duplicate an existing Profile for further editing.
  3. Edit and Save the Profile.
To Assign Service Protection Policy Profiles to Service Protection Policies (SPPs):
  1. Go to Service Protection > Service Protection Policy.
  2. Select:
    1. + Create New - Create a new SPP Policy.
    2. Edit (pencil icon) at the right of any row from an existing list of SPP Policies to edit that SPP.
    3. Clone (two pages icon) at the right of any row to duplicate an existing SPP for further editing.
  3. Scroll down to Protection Profile Settings.
  4. Enable the Profile Type by toggling the button to the right.
  5. From the pull-down menu, select the Profile you want to assign to the SPP. All available Profiles of that type will show in the menu.

SPP Profiles Overview

SPP Profiles Overview

The Service Protection Policy Profile configurations for IP, ICMP, TCP, HTTP, SSL/TLS, NTP, DNS, DTLS and QUIC includes key feature settings that might vary among SPPs. It is IMPORTANT to configure these and assign each type of SPP Profile to the SPPs. SPPs without SPP Profiles assigned to them will not mitigate fully.

A single Profile may be used for many SPPs and/or a Single SPP may use multiple Profiles for the same parameters (e.g. a TCP Profile for Detection Mode and one for Prevention Mode). Only one SPP Profile of each type can be assigned to an SPP at one time (there is no switching of SPP Profiles between Detection and Prevention, for example - they must be changed manually).

You can edit SPP Profiles when they are assigned to an SPP but keep in mind that if that SPP Profile is assigned to multiple SPPs, the changes will affect them all.

A maximum of 64 SPP Profiles can be created for each of the SPP Profile Types above.

Before you begin:
  • You must have a good understanding of the features You want to enable. Refer to Key Concepts.
  • You must have Read-Write permission for Protection Profile settings.
To configure SPP Profiles:
  1. Go to Service Protection and select a Profile you want to configure ( IP | ICMP | TCP | HTTP | SSL/TLS | NTP | DNS | DTLS | QUIC).
  2. Select:
    1. + Create New to create a new Profile.
    2. Edit (pencil icon) at the right of any row from an existing list of Profiles to edit that Profile.
    3. Clone (two pages icon) at the right of any row to duplicate an existing Profile for further editing.
  3. Edit and Save the Profile.
To Assign Service Protection Policy Profiles to Service Protection Policies (SPPs):
  1. Go to Service Protection > Service Protection Policy.
  2. Select:
    1. + Create New - Create a new SPP Policy.
    2. Edit (pencil icon) at the right of any row from an existing list of SPP Policies to edit that SPP.
    3. Clone (two pages icon) at the right of any row to duplicate an existing SPP for further editing.
  3. Scroll down to Protection Profile Settings.
  4. Enable the Profile Type by toggling the button to the right.
  5. From the pull-down menu, select the Profile you want to assign to the SPP. All available Profiles of that type will show in the menu.