Administration Guide

DoS policies

The IPv4 DoS Policy and IPv6 DoS Policy panes allow you to create, edit, delete, and clone DoS policies.

On the Policy & Objects pane, from the Tools menu, select Display Options, and then select the IPv4 DoS Policy and IPv6 DoS Policy checkboxes to display these options.

To create a DoS policy:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu for the policy package, click IPv4 DoS Policy or IPv6 DoS Policy.
  4. Click Create New, or, from the Create New menu, select Insert Above or Insert Below. By default, policies will be added to the bottom of the list. The Create New Policy pane opens.
  5. Configure the following settings, then click OK to create the policy:

    Incoming Interface

    Select the incoming interface from the Object Selector frame, or drag and drop the address from the object pane.

    Source Address

    Select the source address.

    Destination Address

    Select the destination address.

    Service

    Select the service.

    L3 Anomalies

    ip_src_session

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 5000.

    ip_dst_session

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 5000.

    L4 Anomalies

    tcp_syn_flood

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 2000.

    tcp_port_scan

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 1000.

    tcp_src_session

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 5000.

    tcp_dst_session

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 5000.

    udp_flood

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 2000.

    udp_scan

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 2000.

    udp_src_session

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 5000.

    udp_dst_session

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 5000.

    icmp_flood

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 250.

    icmp_sweep

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 100.

    icmp_src_session

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 300.

    icmp_dst_session

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 1000.

    sctp_flood

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 2000.

    sctp_scan

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 1000.

    sctp_src_session

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 5000.

    sctp_dst_session

    Select to enable the DoS status and logging, select the action to pass, block or proxy, and configure the threshold.

    The default threshold is 5000.

    Advanced Options

    Optionally, add a description of the policy, such as its purpose, or the changes that have been made to it.
