Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
franz
New Contributor

Best practices for setting up a DoS sensor

Hello to everyone, which are the thresholds to set for a DoS sensor? Which ones must I set to protect my web server from DoS/DDoS attacks? Thanks
iskandar_lie
Staff

Hi Franz:

This is a common guideline you can follow before defining the ideal threshold:
1. Know your internal network behavior - the local report should help - if the FortiGate has an internal hard disk.
https://community.fortinet.com/t5/FortiGate/Technical-Note-Hard-disk-utilisation-by-the-FortiGate/ta... - check the FortiGate internal hard disk
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Local-Reports/ta-p/198272 -- how to activate the local report - the local report is hidden by default
2. Start the DoS setting with monitoring - so you don't block legitimate traffic by accident. Monitor for 1-2 weeks to make sure it will reach full occupancy of your network traffic.
3. Review the result with the data from VoIP apps or hardware for average usage - you can gather the data from the manufacturer.
4. When you analyze all the data, you can set 10-20% over the threshold to give some buffer and minimize the possibility of dropping legitimate traffic.
5. Review the data regularly - because the security will always need to be fine-tuned over time.
6. DoS is basically not harmful as long as the hardware still has ample resources to handle this.
https://en.wikipedia.org/wiki/Denial-of-service_attack


Cheers,

Lie
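
The monitor-first procedure in the reply above can be sketched as follows. This is an added example, not part of the original post and not Fortinet's own tooling. It assumes the buffer is applied on top of the peak observed during monitoring, and the sample peaks, the `wan1` interface, the policy ID and the 7-day minimum are constructed for illustration.

```python
# Constructed sample (not from the thread): daily peak per anomaly recorded
# while the DoS policy ran in monitor-only mode (action pass, logging on).
OBSERVED_DAILY_PEAKS = {
    "tcp_syn_flood": [310, 420, 1250, 980, 400, 390, 1100],
    "udp_flood": [900, 1500, 1420, 700, 880, 1010, 950],
    "icmp_flood": [12, 40, 35, 18, 22, 19, 30],
    "tcp_src_session": [],  # nothing collected yet
}
MIN_DAYS = 7  # assumption: lower bound of the 1-2 week monitoring window


def recommend(samples, headroom_pct=20):
    """Observed peak plus 10-20% buffer, rounded up; None if data is short."""
    if not 10 <= headroom_pct <= 20:
        raise ValueError("buffer outside the 10-20% range given in the reply")
    if len(samples) < MIN_DAYS:
        return None  # keep monitoring instead of guessing a threshold
    return (max(samples) * (100 + headroom_pct) + 99) // 100  # integer ceil


def render_policy(observed, policy_id=1, interface="wan1", headroom_pct=20,
                  enforce=False):
    """Return a FortiOS 'config firewall DoS-policy' stanza as text.

    An anomaly is set to block only when enforce=True and a threshold could
    be derived; otherwise it stays in pass (monitor) mode.
    """
    out = ["config firewall DoS-policy", f"    edit {policy_id}",
           f'        set interface "{interface}"',
           '        set srcaddr "all"', '        set dstaddr "all"',
           '        set service "ALL"', "        config anomaly"]
    for name in sorted(observed):
        threshold = recommend(observed[name], headroom_pct)
        action = "block" if enforce and threshold is not None else "pass"
        out += [f'            edit "{name}"',
                "                set status enable",
                "                set log enable",
                f"                set action {action}"]
        if threshold is not None:
            out.append(f"                set threshold {threshold}")
        out.append("            next")
    out += ["        end", "    next", "end"]
    return "\n".join(out)


if __name__ == "__main__":
    print(render_policy(OBSERVED_DAILY_PEAKS, enforce=True))
```

Run it with `enforce=False` first to produce the monitor-only policy, then regenerate with `enforce=True` once the review in steps 3 to 5 supports the derived thresholds.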
