FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the functionality and configuration of DoS policy offload on FortiGate 100/101F and 200/201F models.
Scope
FortiGate 100/101F and 200/201F models.
Solution
FortiGate 100F and 200F models use NP6Xlite ASIC processors and are equipped with a SYNPROXY module. This module enables partial offload of DoS features, enhancing performance and reducing CPU load.
This is because DoS/DDoS protection profiles on non-NP7-based FortiGates have always relied on the CPU.
To enable DoS policy offload on these models, use the following command:
config system settings
set policy-offload-level dos-offload
end
SYNPROXY is a TCP SYN packet proxy that protects any TCP server (such as a web server) from SYN floods and similar DoS attacks.
