Cajuntank
Contributor II

DoS policy inquiry

I am tweaking my DoS policies and have two inquiries for further clarification purposes. I understand that my destination address in the policy needs to be the public facing IP address for the servers/services I am wanting to protect.

 

1. Is the firewall's interface (or NAT pool) inferred in that (even though you specify the server's VIP address as the destination only)? So what I mean is, if the firewall's WAN interface is 1.1.1.1 and the server's VIP is 1.1.1.2 and I specify just the server's address in the destination, should I also receive anomaly info on the 1.1.1.1 as well should my policy threshold trip? I'm asking this as I am getting anomalies on my firewall's NAT pool interface for just general egress traffic that I don't have defined in my DoS Policy destination, so was curious about that.

2. Is there any benefit in separating out policies, i.e., one for L4 ICMP anomalies for all destinations and one for L4 TCP_src anomalies for specific destinations, for example?


Edited to respond that I answered my own inquiry. First query was due to the fact that I totally forgot that my SSL VPN was also a public-facing service. Second query was more just a matter of my preference in that I created one policy to cover ICMP only to all destinations with ICMP anomalies only and a second policy where I was very granular to those public-facing servers on only the ports I had open for those VIPs with TCP anomalies only (no tcp_dst since this is an Internet-sourced policy and not outbound destined).


Anthony_E
Community Manager

Hello,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Anthony-Fortinet Community Team.
Cajuntank

I think I'm good. I edited my question to relay that I was able to provide my own answer due to missing that I also had SSL VPN on the firewall interface that I forgot about along with the personal preference on separating the policies (ICMP and TCP) which I ended up doing to just keep some distinction in reporting.

Anthony_E
Community Manager

Thank you for this update!

Do not hesitate to come back to our forum if you need anything.

 

Regards,

Anthony-Fortinet Community Team.
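
The two-policy split described in this thread could look like the following FortiOS CLI sketch. This is an added example, not configuration posted by anyone in the thread; the interface name `wan1`, the address object `srv-public` (standing for the server's public IP, 1.1.1.2 in the question), the `HTTPS` service and all thresholds are assumptions chosen for illustration.

```fortios
# Added example: names and thresholds are assumptions, not values from the thread.
# "srv-public" is a hypothetical, pre-existing address object for the server's public IP.
config firewall DoS-policy
    edit 1
        set comments "ICMP anomalies only, all destinations"
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL_ICMP"
        config anomaly
            edit "icmp_flood"
                set status enable
                set log enable
                set action block
                set threshold 250
            next
            edit "icmp_sweep"
                set status enable
                set log enable
                set action block
                set threshold 100
            next
        end
    next
    edit 2
        set comments "TCP anomalies only, published server and open port"
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "srv-public"
        set service "HTTPS"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "tcp_src_session"
                set status enable
                set log enable
                set action block
                set threshold 5000
            next
        end
    next
end
```

With logging enabled per anomaly, each log entry carries the ID of the policy that tripped, which gives the ICMP versus TCP distinction in reporting. Any other service terminated on the firewall's own public address, such as the SSL VPN mentioned above, is matched by policy 1's `all` destination.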