Protection profile settings

This section of the Service Protection Policy (SPP) lets you associate different mitigation features with the SPP. Every SPP can link to profiles for mitigation features for IP, ICMP, TCP, HTTP, SSL/TLS, NTP, DNS, DTLS and QUIC.

SPP Profiles for the above features are created via Service Protection > IP Profile | ICMP Profile | TCP Profile | HTTP Profile | SSL/TLS Profile | NTP Profile | DNS Profile | DTLS Profile | QUIC Profile.

Note:

  • Each SPP can only be associated with one profile of each type at a time.

  • Every SPP should have a profile of each of the above types associated with it. Failure to do so can severely limit DDoS mitigation.

  • Profile names can be up to 35 characters long, but only 26 are shown in the SPP Profiles list. Names longer than 26 characters are shown with an ellipsis, like: 12345678901234567890123456…

    Look in Service Protection > Profiles for the full name.

To configure using the CLI:

    config ddos spp rule
        edit <spp_name>
            set http-profile <http_profile_name>
            set ntp-profile <ntp_profile_name>
            set dns-profile <dns_profile_name>
            set tcp-profile <tcp_profile_name>
            set ssltls-profile <ssltls_profile_name>
            set ip-profile <ip_profile_name>
            set icmp-profile <icmp_profile_name>
            set dtls-profile <dtls_profile_name>
            set quic-profile <quic_profile_name>
        next
    end
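
The note above says every SPP should have a profile of each type, and that names over 26 characters are cut off in the SPP Profiles list. The following Python script is an added example, not Fortinet code: it audits a saved copy of the "config ddos spp rule" stanza and reports, per SPP, which of the nine profile settings are missing and which names are longer than 26 characters. It assumes the saved text follows the stanza layout shown above; the SPP and profile names in the sample are constructed.

```python
import re
# The nine profile keys from the "config ddos spp rule" stanza on this page.
PROFILE_KEYS = ("ip", "icmp", "tcp", "http", "ssltls", "ntp", "dns", "dtls", "quic")
SHOWN_LEN = 26  # characters displayed in the SPP Profiles list
# Constructed sample input: SPP and profile names are made up for illustration.
SAMPLE_CONFIG = """\
config ddos spp rule
edit web-frontend
set http-profile http-strict
set ntp-profile ntp-default
set dns-profile dns-default
set tcp-profile tcp-strict
set ssltls-profile tls-default
set ip-profile ip-default
set icmp-profile icmp-default
set dtls-profile dtls-default
set quic-profile quic-default
next
edit dns-cluster
set dns-profile dns-authoritative-servers-eu-west
set ip-profile ip-default
next
end
"""

def audit_spp_profiles(config_text):
    """Return {spp_name: [findings]} for each SPP in 'config ddos spp rule'."""
    findings, in_table, spp, seen = {}, False, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config ddos spp rule":
            in_table = True
        elif in_table and spp is None and line == "end":
            in_table = False  # leave the table so other 'edit' entries are ignored
        elif in_table and line.startswith("edit "):
            spp, seen = line[5:].strip().strip('"'), {}
        elif spp is not None and (m := re.match(r'set (\w+)-profile\s+"?([^"]*)"?$', line)):
            seen[m.group(1)] = m.group(2)
        elif spp is not None and line == "next":
            issues = [f"missing {k}-profile" for k in PROFILE_KEYS if not seen.get(k)]
            issues += [f"{k}-profile name truncated in list view"
                       for k, v in seen.items() if len(v) > SHOWN_LEN]
            findings[spp] = issues
            spp = None
    return findings

if __name__ == "__main__":
    for name, issues in audit_spp_profiles(SAMPLE_CONFIG).items():
        print(f"{name}: {'; '.join(issues) or 'OK'}")
```

An SPP with an empty findings list has all nine profile types set; any "missing" entry marks a protocol for which that SPP has no profile linked.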

Creating/Editing SPP Profiles

SPP Profiles are explained in the SPP Profiles Overview section, but from Release 6.6.0 you can also create, add and edit SPP Profiles within the SPP page.

To create a new Profile:

  • Enable the profile, if not already enabled.

  • Pull down the menu field.

  • Select +Create.

  • A side-panel will appear that allows you to name and select features for the Profile.

To view or edit an existing Profile:

  • Pull down the menu item.

  • Roll the cursor over the desired Profile. A pop-up window appears with “Edit”.

  • Click on the Edit button.

  • The side panel will appear for viewing or editing.

To select an existing Profile without editing, roll over and click on the Profile in the list without clicking on the Edit button.
