FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

This article describes the predefined anomalies used in DoS policies.


A Denial of Service (DoS) policy examines network traffic arriving at a FortiGate interface for anomalous patterns, which usually indicates an attack.


A denial of service occurs when an attacking system starts an abnormally large number of sessions with a target system. The large number of sessions slows down or disables the target system, preventing legitimate users from using it.


DoS policies are checked before security policies, preventing attacks from triggering more resource intensive security protection and slowing down the FortiGate.


Predefined sensors are setup for specific anomalous traffic patterns. New DoS anomalies cannot be added by the user. The predefined anomalies that can be used in DoS policies are:




Related Articles

Technical Tip: How to configure IPv4 DOS policy

Technical Note: How to tune DDoS policies