FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akileshc
Staff
Article Id 262574
Description

This article describes how to configure Denial of Service (DoS) protection for a specific source country or geolocation, which allows blocking or restricting traffic originating from specific countries or geographical regions.

This can help mitigate DoS attacks by preventing malicious traffic from entering the network infrastructure, reducing the impact of attacks, improving overall network performance, enhancing security posture, and providing additional control over network traffic based on geographic criteria.

Scope

FortiGate.

Solution

To create an address object, follow these steps:

  1. Navigate to Policy & Objects and select Addresses.
  2. Select the 'Create New' button or the '+' icon to create a new address object.
  3. Provide a name for the address object to identify it.
  4. Select the appropriate Type for the address object; in this case, it will be GEO (Geolocation).
  5. Specify the country or geographical region for the address object.
  6. Select the 'OK' or 'Save' button to create the address object.

By creating an address object, it is possible to define a specific geolocation to be used in DDoS policies for filtering and controlling traffic based on geographic criteria.

To configure a DDoS policy in FortiGate, follow these steps:

  1. Log in to the FortiGate web-based management interface.
  2. Go to Policy & Objects and select IPv4 DoS Policy.
  3. Select the 'Create New' button or the '+' icon to create a new DDoS policy.
  4. Provide a name for the policy to identify it.
  5. Select the address object configured with the geographical region as the Source Address (example: UAE_Traffic).
  6. Configure the DDoS protection settings based on the requirements. Some common settings include:
     • Define the threshold values for various DDoS attack types, such as SYN Flood, UDP Flood, ICMP Flood, etc.
     • Configure the action to be taken when an attack is detected, such as blocking the traffic or generating an alert.
     • Optionally, it is possible to specify additional settings, such as enabling the logging options for individual or all objects.
  7. Once the DDoS policy settings are configured, select the 'OK' or 'Save' button to create the policy.

By configuring a DDoS policy in FortiGate, it is possible to enhance network security by protecting against various types of DDoS attacks and taking appropriate actions to mitigate the impact of such attacks.
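
The two GUI procedures above, expressed as FortiOS CLI. This is an added example, not part of the original article. The policy ID, policy name, interface 'wan1' and every threshold value are assumptions to replace per environment; UAE_Traffic is the article's example address name, and option availability can vary by FortiOS version.

```fortios
# Geography address object (GUI: Policy & Objects > Addresses, Type = Geography).
# "AE" is the ISO 3166 country code for the United Arab Emirates.
config firewall address
    edit "UAE_Traffic"
        set type geography
        set country "AE"
    next
end

# IPv4 DoS policy that applies anomaly thresholds only to traffic
# sourced from the geography object above.
config firewall DoS-policy
    edit 1                              # assumed policy ID
        set name "DoS_UAE_Traffic"      # assumed policy name
        set interface "wan1"            # assumed incoming (Internet-facing) interface
        set srcaddr "UAE_Traffic"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            # Threshold values are placeholders; derive real values from
            # observed traffic before setting the action to block.
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "udp_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "icmp_flood"
                set status enable
                set log enable
                set action pass         # log only: baseline before blocking
                set threshold 250
            next
        end
    next
end
```

Starting an anomaly with 'set action pass' and 'set log enable' records threshold crossings without dropping packets, which gives the data needed to choose a blocking threshold.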

Note: It is out of TAC's scope to define Thresholds, or be accountable for packet loss for configured Thresholds during troubleshooting. It is up to the FortiGate Administrator to monitor the traffic and determine the correct Thresholds to apply for each environment.