Hi, friends.
Are the DoS policies created in fortigate necessary when having HTTPS and HTTP publishing?
I have a SIP publishing policy on the firewall but I'm not sure if I should create DoS policies or not.
To avoid blocking problems due to false positives perhaps, I am configuring a DDos profile in MONITOR mode, but I have a question, what is the difference between "logging" and "monitor"?
I attach an image of my MONITOR profile.
Could you help me with this query please.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Logging: Enable/disable logging for specific anomalies or all of them. Anomalous traffic will be logged when the action is Block or Monitor.
Monitor: Allow the anomalous traffic, but record a log message if logging is enabled.
So to create a monitor mode profile, would it only be necessary to enable "monitor" or also logging? I'm confused.
I want to create a profile that doesn't take any action, just monitor.
Hi @unknown1020 ,
I believe if you choose Monitor it will not take any action on the traffic, it will only log this traffic for audit purposes. Basically it allows the anomalous traffic, and records a log message if logging is enabled.
Thank you.
One question, I only have one service published on my firewall regarding the "SIP" service. I do not have HTTP HTTPS published services on the firewall. Are these DDos policies only created in the firewall for those publications HTTP HTTPS?
DoS policies examine the network traffic arriving at a FortiGate interface for anomalous patterns, which usually indicates an attack. On the other side "SIP" service you refer i believe is for traffic going through the firewall.
I have a SIP (Wan to Lan) service publication.
I have seen KB https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-Denial-of-Service-DoS-protection... where incoming interface select the WAN.
For this reason, I ask if these DDOS policies are related to WAN TO LAN publications? directly to the http and https service.
In my case I only have the SIP service (wan to lan) therefore can I also create those ddos monitor policies?
Yes you are protecting the HTTP/HTTPS service on the interface 'wan2' in your case, if that is the only interface expecting traffic.
That policy will only log traffic if logging is enabled.
I only have the SIP (WAN TO LAN) service publication, so it is viable to create the Ddos policy, correct? For my SIP publication
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1645 | |
1070 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.