vprabhu_FTNT
Staff
June 28, 2020

Technical Tip: Denial of Service (DoS) anomalies explained


Description
This article describes the predefined anomalies used in DoS policies.

Solution

A Denial of Service (DoS) policy examines network traffic arriving at a FortiGate interface for anomalous patterns, which usually indicate an attack.

A denial of service occurs when an attacking system starts an abnormally large number of sessions with a target system. The large number of sessions slows down or disables the target system, preventing legitimate users from using it.

DoS policies are checked before security policies, which prevents attacks from triggering more resource-intensive security protection and slowing down the FortiGate.

Predefined sensors are set up for specific anomalous traffic patterns. New DoS anomalies cannot be added by the user. The predefined anomalies that can be used in DoS policies are:

Related Articles

Technical Tip: How to configure IPv4 DOS policy

Technical Note: How to tune DDoS policies