Hello everyone, My name is Danilo, and I work as a Network analyst for a datacenter provider here in Brazil.
A few days ago, we've faced a huge problem with fortigate 200B, we've lost management access (http and cli).
So I went to Datacenter, and connected myself through the fortigate by console cable, anyway, I couldn't run almost anything (fortigate was busy and CPU utilization was high). Disconnecting the cables, one by one, we found where the attack was comming from, So I put the wireshark on network and found the source and destination IP of attack (was an internal DoS attack to internet). We discovered that fortigate was droppping the packets, but the amount of packets was so big that was consuming CPU.
So, my question is, is there a way to preserve resources (CPU and memory) in order to never lose access via ssh console and HTTP? I know is possible apply traffic shapping, but in my case it doen't works, because traffic was not being forwarding, just processed by CPU and after being dropped.
Thank you!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Danilo,
On Fortigate 200B no (It's a "small" and "old" model).
In new and larger models running FortiOS 5.2, you can dedicate a CPU Core to management system/GUI to avoid this kind of issue.
Regards,
Paulo Raponi
Regards, Paulo Raponi
Hi Danilo,
Just to complete the answer, the command for this is:
config system npu set dedicated-management-cpu [enable | disable> end
(http://kb.fortinet.com/kb/documentLink.do?externalID=FD35377 )
Regards,
Thiago Takayama
Depending on the firmware used you might be able to create a DoS policy, probably from CLI only. This is checked way before the regular routing-policy-UTM chain and should save ressources. As the throughput is limited anyway by the speed of the interface you have chances that this might save enough CPU power so that you still can manage the FGT.
You could test that yourself using e.g. iperf/jperf.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.