jhelder
Staff
Article Id 273204
Description

This article describes the case where DoS policies are in use and are triggered during a file transfer.

 

FileCatalyst is a client/server solution that allows file transfers over UDP (ports 8000-8999).
This can trigger the UDP Flood threshold in the default settings of FortiGate's IPv4 DoS policy, causing FortiGate to drop the UDP sessions, which slows down the file transfer.

 

In this scenario, the uploads are done from outside, using a VIP, and the FileCatalyst server is in the firewall's DMZ.

Scope

FortiGate version 6.2.x, 6.4.x, 7.0.x, 7.2.x and above.

Solution
FileCatalyst uses ports 8000-8999 (TCP and UDP) for data transfers and TCP port 21 for the control connection. These are the most important ones.
 
For a complete list of ports, see the link below:
 
  1. Create the service ports for this application:
 
 
  2. Create a new DoS policy at the top of the list for these ports and the server, and in this DoS policy, ensure UDP Flood is set to Disable or Monitor.
 
 
Always verify the DoS logs to be sure that there are no drops for these ports or applications.
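
The two steps above as a FortiOS CLI sketch. This is an added example, not configuration taken from the original article. The object names, the interface `wan1`, the address object `FileCatalyst-Server` (assumed to exist already) and the policy IDs 10 and 1 are assumptions to be replaced with local values, and the `#` lines are annotations to drop before pasting.

```fortios
# Added example; names, interface and policy IDs are assumptions.
# Step 1: custom services for the FileCatalyst ports named in this article.
config firewall service custom
    edit "FileCatalyst-Data"
        set tcp-portrange 8000-8999
        set udp-portrange 8000-8999
    next
    edit "FileCatalyst-Control"
        set tcp-portrange 21
    next
end

# Step 2: dedicated DoS policy scoped to the server and those services only.
config firewall DoS-policy
    edit 10
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "FileCatalyst-Server"
        set service "FileCatalyst-Data" "FileCatalyst-Control"
        config anomaly
            edit "udp_flood"
                # Monitor: the anomaly is still detected and logged, but not dropped.
                set status enable
                set log enable
                set action pass
                # Disable instead: use "set status disable" in place of the three lines above.
            next
        end
    next
    # Put the new policy above the existing one (ID 1 assumed) so it is matched first.
    move 10 before 1
end
```

Keeping the policy limited to the FileCatalyst server and services leaves the UDP Flood threshold of the general DoS policy in force for all other traffic on the interface.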