CLI Reference

firewall DoS-policy

Configure IPv4 DoS policies.

  config firewall DoS-policy
      Description: Configure IPv4 DoS policies.
      edit <policyid>
          set status [enable|disable]
          set comments {var-string}
          set interface {string}
          set srcaddr <name1>, <name2>, ...
          set dstaddr <name1>, <name2>, ...
          set service <name1>, <name2>, ...
          config anomaly
              Description: Anomaly name.
              edit <name>
                  set status [disable|enable]
                  set log [enable|disable]
                  set action [pass|block]
                  set quarantine [none|attacker]
                  set quarantine-expiry {user}
                  set quarantine-log [disable|enable]
                  set threshold {integer}
                  set threshold(default) {integer}
              next
          end
      next
  end

config firewall DoS-policy

| Parameter Name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable this policy. enable: Enable this policy. disable: Disable this policy. | option | - |
| comments | Comment. | var-string | Maximum length: 1023 |
| interface | Incoming interface name from available interfaces. | string | Maximum length: 35 |
| srcaddr <name> | Source address name from available addresses. Service name. | string | Maximum length: 79 |
| dstaddr <name> | Destination address name from available addresses. Address name. | string | Maximum length: 79 |
| service <name> | Service object from available options. Service name. | string | Maximum length: 79 |

config anomaly

| Parameter Name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable this anomaly. disable: Disable this status. enable: Enable this status. | option | - |
| log | Enable/disable anomaly logging. enable: Enable anomaly logging. disable: Disable anomaly logging. | option | - |
| action | Action taken when the threshold is reached. pass: Allow traffic but record a log message if logging is enabled. block: Block traffic if this anomaly is found. | option | - |
| quarantine | Quarantine method. none: Quarantine is disabled. attacker: Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected. | option | - |
| quarantine-expiry | Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker. | user | Not Specified |
| quarantine-log | Enable/disable quarantine logging. disable: Disable quarantine logging. enable: Enable quarantine logging. | option | - |
| threshold | Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. | integer | Minimum value: 1 Maximum value: 2147483647 |
| threshold(default) | Number of detected instances per minute which triggers action (1 - 2147483647, default = 1000). Note that each anomaly has a different threshold value assigned to it. | integer | Minimum value: 0 Maximum value: 4294967295 |
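
An added example, not Fortinet's code: a Python audit of the `config anomaly` settings documented above. It flags enabled anomalies that combine `action pass` with logging off, and `quarantine-expiry` values outside the documented 1m to 364d23h59m range. It assumes `show full-configuration` style input in which the settings it reads are explicit, and that duration parts may be omitted (as in the documented default `5m`); the sample config and the function names are constructed.

```python
import re

# Constructed sample (not from the page): policy id and values are made up;
# tcp_syn_flood and udp_flood are FortiOS anomaly names, which this page does not list.
SAMPLE = """
config firewall DoS-policy
    edit 1
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block
                set quarantine attacker
                set quarantine-expiry 400d
            next
            edit "udp_flood"
                set status enable
                set log disable
                set action pass
            next
        end
    next
end
"""

def expiry_minutes(text):
    """Minutes for ###d##h##m (parts optional, as in "5m"); None outside 1m..364d23h59m."""
    m = re.fullmatch(r"(?:(\d{1,3})d)?(?:(\d{1,2})h)?(?:(\d{1,2})m)?", text)
    d, h, mi = (int(g or 0) for g in m.groups()) if m else (0, 0, 0)
    total = (d * 24 + h) * 60 + mi
    return total if 1 <= total <= (364 * 24 + 23) * 60 + 59 else None

def audit(config):
    """Return (anomaly, finding) pairs for enabled anomaly entries."""
    out, inside, name, cur = [], False, None, {}
    for tok in map(str.split, config.splitlines()):
        if tok in (["config", "anomaly"], ["end"]):
            inside = tok[0] == "config"
        elif inside and tok[:1] == ["edit"]:
            name, cur = tok[1].strip('"'), {}
        elif inside and tok[:1] == ["set"]:
            cur[tok[1]] = tok[2]
        elif inside and tok == ["next"] and cur.get("status") == "enable":
            if cur.get("action") == "pass" and cur.get("log") != "enable":
                out.append((name, "action pass with logging off: anomaly has no visible effect"))
            if cur.get("quarantine") == "attacker" and \
                    expiry_minutes(cur.get("quarantine-expiry", "5m")) is None:
                out.append((name, "quarantine-expiry outside 1m..364d23h59m"))
    return out
```

Running `audit(SAMPLE)` reports the `400d` expiry on the first entry and the unlogged `pass` action on the second.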
