Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
v_ceban
Staff
Staff

Created on ‎10-23-2024 07:59 AM Edited on ‎10-23-2024 07:59 AM By Moderator

Article Id 321950

Technical Tip: Understanding DoS Policy Offload on FortiGate 100/101F and 200/201F Models

Description This article describes the functionality and configuration of DoS policy offload on FortiGate 100/101F and 200/201F models.
Scope FortiGate 100/101F and 200/201F models.
Solution

FortiGate 100F and 200F models use NP6Xlite ASIC processors and are equipped with a SYNPROXY module. This module enables partial offload of DoS features, enhancing performance and reducing CPU load.

 

To enable DoS policy offload on these models, use the following command:

 

    config system settings

        set policy-offload-level dos-offload

    end


SYNPROXY is a TCP SYN packet proxy that protects any TCP server (such as a web server) from SYN floods and similar DoS attacks.

 

Related articles:

DoS policy hardware acceleration
Labels:
221
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.