May 7, 2026
Solved

DoS policy question

  • May 7, 2026
  • 1 reply
  • 37 views

Hello Community,

Would appreciate it if someone can point me in the right direction regarding the following.

For example, let's say there are 2 DoS policies with tcp_syn_flood configured like so (policy ID 1 comes before policy ID 2):

Policy ID 1

  • tcp_syn_flood, threshold 500, Action block

Policy ID 2

  • tcp_syn_flood, threshold 50, Action monitor

The question is:

Q1: If the policy ID 1 counter registers 400, and therefore block was not triggered (below the threshold), will the packets get evaluated by policy ID 2?

Regards.

Best answer by msanjaypadma

1 reply

msanjaypadma
Staff
May 7, 2026

Hi @SPC,

FortiGate DoS policies are processed in a top-down, first-match order, similar to regular firewall policies. They are checked sequentially, and the first rule that matches the traffic is applied, with subsequent rules ignored.

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

Thanks,
Mayur Padma
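As an added illustration (not code from the thread or from Fortinet), here is a small Python model of the top-down, first-match evaluation described in the answer, loaded with the two policies from the question. Matching on interface only and firing the action once the observed rate exceeds the threshold are assumptions of this model, not FortiOS behaviour quoted from the thread.

```python
from dataclasses import dataclass, field


@dataclass
class Anomaly:
    name: str        # e.g. "tcp_syn_flood"
    threshold: int   # packets per second above which the action fires
    action: str      # "block" or "monitor"


@dataclass
class DosPolicy:
    policy_id: int
    interface: str                       # assumed: the only match criterion modelled here
    anomalies: dict                      # anomaly name -> Anomaly
    counters: dict = field(default_factory=dict)  # anomaly name -> last observed rate


def evaluate(policies, interface, anomaly_name, rate):
    """Top-down, first-match: the first policy whose criteria match the traffic
    is applied and every later policy is ignored, whatever its thresholds say.
    Returns (policy_id, verdict); verdict is "pass" when no threshold fires."""
    for policy in policies:                  # list order = policy order in the GUI/CLI
        if policy.interface != interface:
            continue                         # criteria do not match; try the next policy
        anomaly = policy.anomalies.get(anomaly_name)
        if anomaly is None:
            return policy.policy_id, "pass"  # matched, but this anomaly is not configured
        policy.counters[anomaly.name] = rate  # only the matching policy ever sees the rate
        # assumed: the action fires once the observed rate exceeds the threshold
        verdict = anomaly.action if rate > anomaly.threshold else "pass"
        return policy.policy_id, verdict     # first match decides; nothing else is consulted
    return None, "pass"                      # no DoS policy matched at all


def thread_scenario():
    """Constructed sample mirroring the two policies in the question."""
    p1 = DosPolicy(1, "port1", {"tcp_syn_flood": Anomaly("tcp_syn_flood", 500, "block")})
    p2 = DosPolicy(2, "port1", {"tcp_syn_flood": Anomaly("tcp_syn_flood", 50, "monitor")})
    return [p1, p2]


if __name__ == "__main__":
    policies = thread_scenario()
    print(evaluate(policies, "port1", "tcp_syn_flood", 400))  # (1, 'pass')
    print(policies[1].counters)                                # {}  policy 2 never saw the traffic
    print(evaluate(list(reversed(policies)), "port1", "tcp_syn_flood", 400))  # (2, 'monitor')
```

Reversing the list shows why order matters: with the 50-packet monitor policy first, the same 400 pps traffic is reported by policy 2 and the 500-packet block policy is never reached.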

SPC (Author)
Explorer
May 7, 2026

@msanjaypadma

Thank you very much for the update.

Regards.