Created on 02-06-2017 11:39 AM
Edited on 02-19-2025 06:43 AM
By Jean-Philippe_P
Description
Solution
To configure an IPv4 DoS Policy to block TCP or UDP port scans on a WAN port, follow these steps:
Set 'tcp_port_scan' and 'udp_scan' to Block, as shown in the above image.
Adjust the threshold accordingly. A lower number increases the sensitivity of the DoS Policy and can lead to a higher number of false positives.
With the default value of 1000 for tcp_port_scan, the firewall will block and generate a log (if the action is Block) or only generate a log (if the action is Monitor) when the SYN packet rate of a new TCP session exceeds 1000 packets per second.
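The same policy expressed in the FortiOS CLI, as an added example that is not part of the original article. The policy ID 1, the interface name "wan1" and the "all"/"ALL" address and service objects are assumptions; substitute the values used on the unit.

```fortios
# Added example: IPv4 DoS policy on the WAN interface.
# Assumptions: policy ID 1, WAN interface named "wan1".
config firewall DoS-policy
    edit 1
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            # Block and log TCP port scans; 1000 is the default threshold.
            edit "tcp_port_scan"
                set status enable
                set log enable
                set action block
                set threshold 1000
            next
            # Block and log UDP scans; threshold left at its default.
            edit "udp_scan"
                set status enable
                set log enable
                set action block
            next
        end
    next
end
```

Setting `action pass` with `log enable` corresponds to Monitor, which is a low-risk way to observe how often a candidate threshold would trigger before switching to block.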