Help
FortiDDoS
FortiDDoS protects from both known and zero day attacks with very low latency. It’s easy to deploy and manage, and includes comprehensive reporting and analysis tools.
Anonymous
Not applicable

Created on ‎08-01-2017 02:29 AM Edited on ‎08-20-2025 03:59 AM By Staff

Article Id 196924

Technical Tip: How to configure IP's that should not be dropped or blocked by the FortiDDoS

Description

 
This article explains how to add IP's on the FortiDDoS that should not be tracked.
 
Scope
 
FortiDDoS.


Solution

 
Packets for the IPs added to the 'Do not track' Policy are forwarded without inspection. Otherwise, packets are evaluated against sets of built-in rules and user-defined rules.

There are two types of Action:
  • Configuring Do Not Track / Track and Allow policies, never drop or block packets to/from these IP addresses; do not include them in the statistics for continuous learning and threshold estimation.
  • Track and Allow.   Never drop or block packets to/from these IP addresses; include them in the statistics for continuous learning and threshold estimation.
To configure with the CLI, use a command sequence similar to the following:
 
config ddos global {do-not-track-policy | do-not-trackpolicy-v6}
    edit <name>
        set do-not-track-IP-address <Ip_address_object>
        set do-not-track-action {track-and-allow | do-not-track}
    end
vkumaresan_FD40602_tn_FD40602-1.jpg
vkumaresan_FD40602_tn_FD40602-2.jpg


To configure with the CLI, use a command sequence similar to the following:
 
config ddos global local-address
edit
    set ip-netmask <address_ipv4netmask>
end
Labels:
1064
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.