CLI Reference

config firewall DoS-policy6

Configure IPv6 DoS policies.

config firewall DoS-policy6
    Description: Configure IPv6 DoS policies.
    edit <policyid>
        config anomaly
            Description: Anomaly name.
            edit <name>
                set status [disable|enable]
                set log [enable|disable]
                set action [pass|block]
                set quarantine [none|attacker]
                set quarantine-expiry {user}
                set quarantine-log [disable|enable]
                set threshold {integer}
                set threshold(default) {integer}
            next
        end
        set comments {var-string}
        set dstaddr <name1>, <name2>, ...
        set interface {string}
        set name {string}
        set service <name1>, <name2>, ...
        set srcaddr <name1>, <name2>, ...
        set status [enable|disable]
    next
end

config firewall DoS-policy6

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| comments | Comment. | var-string | Maximum length: 1023 | |
| dstaddr <name> | Destination address name from available addresses. Address name. | string | Maximum length: 79 | |
| interface | Incoming interface name from available interfaces. | string | Maximum length: 35 | |
| name | Policy name. | string | Maximum length: 35 | |
| policyid | Policy ID. | integer | Minimum value: 0 Maximum value: 9999 | 0 |
| service <name> | Service object from available options. Service name. | string | Maximum length: 79 | |
| srcaddr <name> | Source address name from available addresses. Service name. | string | Maximum length: 79 | |
| status | Enable/disable this policy. Options: enable (Enable this policy.); disable (Disable this policy.) | option | - | enable |

config anomaly

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| name | Anomaly name. | string | Maximum length: 63 | |
| status | Enable/disable this anomaly. Options: disable (Disable this status.); enable (Enable this status.) | option | - | disable |
| log | Enable/disable anomaly logging. Options: enable (Enable anomaly logging.); disable (Disable anomaly logging.) | option | - | disable |
| action | Action taken when the threshold is reached. Options: pass (Allow traffic but record a log message if logging is enabled.); block (Block traffic if this anomaly is found.) | option | - | pass |
| quarantine | Quarantine method. Options: none (Quarantine is disabled.); attacker (Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.) | option | - | none |
| quarantine-expiry | Duration of quarantine. Requires quarantine set to attacker. | user | Not Specified | 5m |
| quarantine-log | Enable/disable quarantine logging. Options: disable (Disable quarantine logging.); enable (Enable quarantine logging.) | option | - | enable |
| threshold | Anomaly threshold. Number of detected instances (packets per second or concurrent session number) that triggers the anomaly action. | integer | Minimum value: 1 Maximum value: 2147483647 | 0 |
| threshold(default) | Number of detected instances. Note that each anomaly has a different threshold value assigned to it. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
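
An added example, not Fortinet code: a short Python audit of a configuration backup against the defaults in the config anomaly table above. It reports anomalies left at status disable, enabled anomalies where action pass combined with log disable allows the traffic and records nothing, and a quarantine-expiry set while quarantine is none. The sample text and the anomaly names in it are constructed for illustration.

```python
# Defaults from the "config anomaly" table on this page.
DEFAULTS = {"status": "disable", "log": "disable", "action": "pass", "quarantine": "none"}
# Constructed sample in backup style (defaults omitted); anomaly names are placeholders.
SAMPLE = """\
config firewall DoS-policy6
    edit 1
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set action block
            next
            edit "udp_flood"
                set status enable
                set quarantine-expiry 10m
            next
            edit "icmp_flood"
                set threshold 250
            next
        end
    next
end
"""

def parse_anomalies(text):
    """Map (policyid, anomaly name) -> keys set explicitly under DoS-policy6."""
    out, path = {}, []  # path: stack of open "config"/"edit" names
    for line in text.splitlines():
        tok = line.replace('"', "").split()
        if tok[:1] in (["config"], ["edit"]):
            path.append(" ".join(tok[1:]))
        elif tok[:1] in (["end"], ["next"]) and path:
            path.pop()
        if len(path) == 4 and path[0] == "firewall DoS-policy6" and path[2] == "anomaly":
            entry = out.setdefault((path[1], path[3]), {})
            if tok[:1] == ["set"]:
                entry[tok[1]] = " ".join(tok[2:])
    return out

def audit(text):
    """Return (policyid, anomaly, issue) tuples for weak or inconsistent settings."""
    found = []
    for (pid, name), cfg in parse_anomalies(text).items():
        s = {**DEFAULTS, **cfg}  # effective settings once defaults are applied
        if s["status"] == "disable":
            found.append((pid, name, "disabled"))
        elif s["action"] == "pass" and s["log"] == "disable":
            found.append((pid, name, "pass-without-log"))
        if "quarantine-expiry" in cfg and s["quarantine"] != "attacker":
            found.append((pid, name, "expiry-without-quarantine"))
    return found
```

Calling audit(SAMPLE) flags udp_flood twice and icmp_flood once; tcp_syn_flood passes because it is enabled with action block.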
