I'm trying to develop, tune and implement some DoS policies on a FGT60d running 5.2.7 (no GUI option for DoS policies).
We have HTTP, HTTPS, SMTP services exposed through VIPs.
I've been able to setup a basic DoS policy (with logging and action "pass") using the CLI on the external interface "wan1" for all services with the intention of tuning thresholds, however monitoring this has shown me that this may not be the most practical approach.
At present I'm seeing tcp_port_scan anomalies triggered by both an (obviously) hostile IP address and the gateway IP of one of our largest customers - clearly I don't want to wind up quarantining the latter..
This leads me to the following questions:
1. Should I be applying DoS policies only to the services we expose?
2. Are DoS policies processed in top-down order similar to firewall policies?
3. Are DoS policies VIP aware? i.e. should I use the ViP as the destination address for the policy (as with a firewall policy)?
I should note that I have (and currently am) reviewing other posts on DoS prevention within the forum however many lead to dead links or pose questions that the OP never returned to update (as with many forums..).
I'm not looking to reinvent the wheel here but to implement a sensible level of defence (effort vs reward) that leaves customers unaffected and us with a minimum of maintenance overhead.
Thanks.
Hello,
DoS Policy isn't available to desktop/small models.
Best regards,
follow us: [link]https://networkingcontrol.wordpress.com[/link]
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.