Protection subnets
These are the IPv4/IPv6 subnets configured in an SPP Rule, to which the SPP settings apply. These subnets are inside the networks that FortiDDoS should protect. Every subnet also has Signaling parameters: a Signaling threshold in KPPS (thousands of packets per second) and in Mbps.
Note: The default SPP is built into the system with two default subnets, Any-IPv4 and Any-IPv6. Traffic that is not classified by any IPv4 or IPv6 subnet on the system is classified under these two default subnets.
To add a new subnet:
Click Create New under Protection Subnets.
Note: Every SPP Rule has a maximum limit of subnets as specified in the FortiDDoS-F Data sheet.
To edit a subnet:
Double-click an entry or click the edit icon next to the entry.
Note: This action is not applicable for Default subnets Any-IPv4 and Any-IPv6.
To clone a subnet:
Click the clone icon next to the entry.
Note: This action is only available in the GUI.
To delete a subnet:
Check the boxes next to the entries you want to delete and then click the Delete button.
Note: This action is restricted when deleting the last configured protected subnet of an SPP rule if the SPP rule status is Enabled.
This action is not applicable to the default subnets Any-IPv4 and Any-IPv6.
To configure using the CLI:

```
config ddos spp rule
  edit <spp_name>
    config address
      edit <subnet_name>
        set type { ipv4-netmask | ipv6-prefix }
        set ip-netmask <ipv4-netmask>
        set ipv6-prefix <ipv6-prefix>
        set signaling-threshold-kpps <integer>
        set signaling-threshold-mbps <integer>
      next
    end
  next
end
```

Settings | Guidelines |
---|---|
Type | Choose between IPv4 Netmask and IPv6 Prefix. |
IPv4/IPv6 Address | Configure the subnet with a prefix based on the Type selected. |
Signaling Threshold Kpps | These thresholds are used for Attack Signaling to Cloud DDoS service providers by sending REST API information when traffic crosses this value for a particular subnet. Make sure the following configuration is created successfully for these settings to take effect |
Signaling Threshold Mbps | |
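
When many subnets are onboarded at once, the CLI block above can be generated and validated before it is pasted into the device. The following is an added example, not Fortinet code: it uses only the CLI keywords shown on this page, and it assumes that addresses are entered in CIDR notation and that thresholds are non-negative integers. The function names, SPP name and sample subnets are hypothetical.

```python
import ipaddress

# Default subnets named on this page; they cannot be edited or deleted.
DEFAULT_SUBNETS = {"Any-IPv4", "Any-IPv6"}

def render_subnet(name, cidr, kpps, mbps):
    """Return the CLI lines of one 'edit <subnet_name>' entry."""
    if name in DEFAULT_SUBNETS:
        raise ValueError(f"{name} is a default subnet and cannot be edited")
    # strict=True rejects an address with host bits set (e.g. 192.0.2.7/24),
    # so a mistyped range is caught before it reaches the device.
    net = ipaddress.ip_network(cidr, strict=True)
    for key, value in (("kpps", kpps), ("mbps", mbps)):
        # Assumption: non-negative integers; the page only says <integer>.
        if type(value) is not int or value < 0:
            raise ValueError(f"signaling-threshold-{key} must be a non-negative integer")
    # The address family decides both the type and the address keyword.
    if net.version == 4:
        lines = ["set type ipv4-netmask", f"set ip-netmask {net}"]
    else:
        lines = ["set type ipv6-prefix", f"set ipv6-prefix {net}"]
    lines += [f"set signaling-threshold-kpps {kpps}",
              f"set signaling-threshold-mbps {mbps}"]
    return [f"edit {name}"] + ["  " + line for line in lines] + ["next"]

def render_spp_rule(spp_name, subnets):
    """Render 'config ddos spp rule' for (name, cidr, kpps, mbps) tuples."""
    names = [s[0] for s in subnets]
    # A repeated 'edit <name>' would re-open the same entry instead of adding one.
    if len(set(names)) != len(names):
        raise ValueError("subnet names must be unique within an SPP rule")
    out = ["config ddos spp rule", f"  edit {spp_name}", "    config address"]
    for subnet in subnets:
        out += ["      " + line for line in render_subnet(*subnet)]
    out += ["    end", "  next", "end"]
    return "\n".join(out)

# Constructed sample input using documentation address ranges.
SAMPLE = [
    ("web-dmz", "192.0.2.0/24", 500, 800),
    ("web-dmz-v6", "2001:db8:100::/48", 200, 400),
]

if __name__ == "__main__":
    print(render_spp_rule("SPP-web", SAMPLE))
```

Check the number of generated entries against the per-rule subnet limit in the FortiDDoS-F data sheet before applying the output.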