DDoS Protection on Fortigate 500E
Dear Experts,
We need your expert opinion regarding DDoS attack mitigation.
We are running a Fortigate 500E HA cluster (6.0.x) in our production environment. We want to protect our web servers against DDoS attacks. What measures/steps should we take on our production Fortigates to be able to protect our web servers in the DMZ?
I know there are some dedicated products available from Fortinet for DDoS, but we are in a money-saving mode nowadays, which is why we are looking for the best practices available on the Fortigate.
Thank you for your response and time.
Applying a DDoS policy is a simple configuration, and the same has been explained in the URLs below.
The important point with regard to DDoS is understanding what the legitimate connection/session/packet rate is, so that the abnormal sessions/packets/connections can be blocked with DoS policies.
You may start by applying the default threshold values with the action set to monitor. Check if the normal traffic triggers any DDoS attack; if so, you need to increase the threshold and monitor, otherwise decrease the threshold and monitor. You may have to repeat this multiple times to find the optimal thresholds and then set the action to drop/block.
For example, your web servers may get 1000 connections per second, so if you set a threshold of 900, it will block the 100 legitimate connections. We need to avoid such situations.
Configuration/best practices.
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/771644/dos-protection
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-Denial-of-Service-DoS-protection...
https://www.fortinet.com/resources/cyberglossary/ddos-protection
Suraj
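The monitor-and-adjust loop from the answer above, replayed offline against a recorded baseline; this is an added example, not part of the original post and not Fortinet code. The per-second samples, the function names, the step size and the headroom percentage are assumptions, and the drop model (everything above the threshold is blocked) follows the answer's own 1000/900 example.

```python
"""Added example: replay a monitor-mode baseline against candidate DoS thresholds."""


def legit_dropped(samples, threshold):
    """Connections above the threshold, summed over one-second samples.

    Drop model assumed from the answer's example: at 1000 conn/s and a
    threshold of 900, the 100 connections over the limit are blocked.
    """
    return sum(max(0, rate - threshold) for rate in samples)


def tune_threshold(samples, start, step):
    """Mimic the monitor-and-adjust loop on recorded legitimate traffic.

    Raise the threshold while normal traffic still triggers it; otherwise
    lower it for as long as the lower value still would not trigger.
    """
    threshold = start
    while legit_dropped(samples, threshold) > 0:
        threshold += step
    while threshold - step > 0 and legit_dropped(samples, threshold - step) == 0:
        threshold -= step
    return threshold


def with_headroom(threshold, percent):
    """Add a safety margin (an assumption, not from the post), rounded up."""
    return threshold + (threshold * percent + 99) // 100


# Constructed baseline: new connections per second observed while the policy
# action was "monitor" (hypothetical numbers, not from a real device).
BASELINE = [420, 510, 480, 1000, 760, 890, 610, 880]

if __name__ == "__main__":
    for candidate in (900, 1000):
        lost = legit_dropped(BASELINE, candidate)
        print(f"threshold {candidate}: {lost} legitimate connections blocked")
    tuned = tune_threshold(BASELINE, start=2000, step=100)
    print("lowest non-triggering threshold:", tuned)
    print("with 20% headroom:", with_headroom(tuned, 20))
```

The baseline should cover the busiest legitimate periods (peak hours, batch jobs, marketing events), otherwise the tuned value will block normal traffic once the action is changed from monitor to block.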
Hi
FortiGate can only protect against DoS, not DDoS.
As per my knowledge DDoS needs to be supported at ISP level, and eventually FortiDDoS.