Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

DoS policy in FortiGate

Hi, friends.

 

Are the DoS policies created in fortigate necessary when having HTTPS and HTTP publishing?


I have a SIP publishing policy on the firewall but I'm not sure if I should create DoS policies or not.

 

To avoid blocking problems due to false positives perhaps, I am configuring a DDos profile in MONITOR mode, but I have a question, what is the difference between "logging" and "monitor"?

 

I attach an image of my MONITOR profile.

 

Sin título.jpg

 

Could you help me with this query please.

12 REPLIES 12
dbu

Yes you can do that. 

Why you need only Monitor  and not Block ?
What is the purpose of not dropping the traffic that is malicious ? DDOS is there to help you more than just monitoring.

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
unknown1020
New Contributor III

This is the first time I am going to create a DDOS policy rule. Therefore, I want to start monitoring and then take action.

 

Could you confirm if this profile is correct? It is in monitor mode

 

Sin título.jpg

 

dbu

Me personally i would go with action Block and Logging enabled. Maybe in your case is good to start with Monitor and you observe what is going on. 

Then you decide what to block and what thresholds to apply. 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors