Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akileshc
Staff
Staff

Created on ‎07-04-2023 01:02 AM Edited on ‎07-04-2023 01:03 AM By Community Manager

Article Id 262574

Technical Tip: Configure Denial of Service (DoS) protection with specific source country or geolocation

Description

This article describes that configuring Denial of Service (DoS) protection with a specific source country or geolocation allows blocking or restricting traffic originating from specific countries or geographical regions.

This can help mitigate DoS attacks by preventing malicious traffic from entering the network infrastructure, reducing the impact of attacks, improving overall network performance, enhancing security posture, and providing additional control over network traffic based on geographic criteria.
Scope FortiGate.
Solution

To create an address object, follow these steps:

  1. Navigate to Policy & Objects and select Addresses.
  2. Select the 'Create New' button or the '+' icon to create a new address object.
  3. Provide a name for the address object to identify it.
  4. Select the appropriate Type for the address object, in this case, it will be GEO (Geolocation).
  5. Specify the country or geographical region for the address object.
  6. Select the 'OK' or 'Save' button to create the address object.

 

Address_Geo.PNG

 

By creating an address object, it is possible to define a specific geolocation to be used in DDoS policies for filtering and controlling traffic based on geographic criteria.

 

To configure a DDoS policy in FortiGate, follow these steps:

  1. Log in to the FortiGate web-based management interface.
  2.  Go to Policy & Objects and select IPv4 DoS Policy.
  3. Select the 'Create New' button or the '+' icon to create a new DDoS policy.
  4. Provide a name for the policy to identify it.
  5.  Select the address object configured with the geographical region as Source Address. (example: UAE_Traffic).
  6. Configure the DDoS protection settings based on the requirements. Some common settings include:
  • Define the threshold values for various DDoS attack types, such as SYN Flood, UDP Flood, ICMP Flood, etc.
  • Configure the action to be taken when an attack is detected, such as blocking the traffic or generating an alert.
  • Optionally, it is possible to specify additional settings, such as enabling the logging options for individual or all objects.

     7. Once the DDoS policy settings are configured, select the 'OK' or 'Save' button to create the policy.

 

DDoS_Policy.PNG

 

By configuring a DDoS policy in FortiGate, it is possible to enhance network security by protecting against various types of DDoS attacks and taking appropriate actions to mitigate the impact of such attacks.
18254
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.