cbenejean
Staff
August 7, 2015

Technical Tip: FortiDDoS - Threshold and most common L4 ports

Description

This article describes how the thresholds (Inbound and Outbound) for the most commonly used ports, such as HTTP, FTP, DNS, etc., are not set when applying the System Recommendation settings, even if the traffic statistics during the learning period have detected traffic on these ports.

Scope

FortiDDoS-F v6.x, 7.0.x, 7.2.x.

Solution

This means that the thresholds for those ports are set to the maximum value of 134217727. There are also other ports, such as 443, for which FortiDDoS does not have thresholds configured, as it is a common port that clients will use.

This is to ensure that no false positive occurs because the threshold on the port (see Adjusting Thresholds - FortiDDOS 4.3.0 help) has been set too low. Mitigation should not happen at that level. Attacks will be caught by other means, such as source tracking, anomalies at the IP or L4 level, SYN flood mitigation, L3 or L7 thresholds, etc.

 

Only add values to these thresholds if a specific issue needs to be addressed.
 
Some examples of how to configure these manually: