DoS policies
The IPv4 DoS Policy and IPv6 DoS Policy panes allow you to create, edit, delete, and clone DoS policies.
On the Policy & Objects pane, from the Tools menu, select Display Options, and then select the IPv4 DoS Policy and IPv6 DoS Policy checkboxes to display these options.
To create a DoS policy:
- Ensure you are in the correct ADOM.
- Go to Policy & Objects > Policy Packages.
- In the tree menu for the policy package, click IPv4 DoS Policy or IPv6 DoS Policy.
- Click Create New, or, from the Create New menu, select Insert Above or Insert Below. By default, policies will be added to the bottom of the list. The Create New Policy pane opens.
- Configure the following settings, then click OK to create the policy:
Incoming Interface
Select the incoming interface from the Object Selector frame, or drag and drop the address from the object pane.
Source Address
Select the source address.
Destination Address
Select the destination address.
Service
Select the service.
L3 Anomalies
ip_src_session
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 5000.
ip_dst_session
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 5000.
L4 Anomalies
tcp_syn_flood
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 2000.
tcp_port_scan
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 1000.
tcp_src_session
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 5000.
tcp_dst_session
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 5000.
udp_flood
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 2000.
udp_scan
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 2000.
udp_src_session
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 5000.
udp_dst_session
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 5000.
icmp_flood
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 250.
icmp_sweep
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 100.
icmp_src_session
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 300.
icmp_dst_session
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 1000.
sctp_flood
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 2000.
sctp_scan
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 1000.
sctp_src_session
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 5000.
sctp_dst_session
Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.
The default threshold is 5000.
Advanced Options
Optionally, add a description of the policy, such as its purpose, or the changes that have been made to it.
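
The following Python check is an added example, not part of the original documentation. It reads anomaly settings and flags any listed anomaly that is enabled but not logged, left on the pass action, or given a threshold far above the default listed above. The sample text is constructed and assumed to be in FortiOS CLI `config anomaly` form; the function names, the `max_factor` cutoff, and the treatment of unset values (status disable, log disable, action pass) are assumptions made for the example.

```python
DEFAULTS = {  # default thresholds listed above
    "ip_src_session": 5000, "ip_dst_session": 5000, "tcp_syn_flood": 2000,
    "tcp_port_scan": 1000, "tcp_src_session": 5000, "tcp_dst_session": 5000,
    "udp_flood": 2000, "udp_scan": 2000, "udp_src_session": 5000,
    "udp_dst_session": 5000, "icmp_flood": 250, "icmp_sweep": 100,
    "icmp_src_session": 300, "icmp_dst_session": 1000, "sctp_flood": 2000,
    "sctp_scan": 1000, "sctp_src_session": 5000, "sctp_dst_session": 5000,
}
# Constructed sample, assumed to be in FortiOS CLI "config anomaly" form.
SAMPLE = """
config anomaly
    edit "tcp_syn_flood"
        set status enable
        set log enable
        set action block
    next
    edit "udp_flood"
        set status enable
        set action pass
        set threshold 50000
    next
end
"""

def parse_anomalies(text):
    """Return {anomaly: {setting: value}} from the edit/set blocks."""
    anomalies, current = {}, None
    for tokens in (line.split() for line in text.splitlines()):
        if len(tokens) >= 2 and tokens[0] == "edit":
            current = anomalies.setdefault(tokens[1].strip('"'), {})
        elif len(tokens) >= 3 and tokens[0] == "set" and current is not None:
            current[tokens[1]] = tokens[2]
    return anomalies

def audit(text, max_factor=2):
    """Findings per anomaly; unset values assumed disable/disable/pass."""
    findings = []
    for name, cfg in parse_anomalies(text).items():
        if name not in DEFAULTS:
            continue  # not one of the anomalies listed above
        if cfg.get("status") != "enable":
            findings.append((name, "status not enabled"))
            continue
        if cfg.get("log") != "enable":
            findings.append((name, "logging not enabled"))
        if cfg.get("action", "pass") == "pass":
            findings.append((name, "action is pass"))
        if int(cfg.get("threshold", DEFAULTS[name])) > DEFAULTS[name] * max_factor:
            findings.append((name, "threshold far above default"))
    return findings
```

Calling `audit(SAMPLE)` reports three findings for `udp_flood` and none for `tcp_syn_flood`; anomalies absent from the input are not reported.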