Enquiry on FortiGate TCP Connection (conn-limit) limit and TCP/UDP/ICMP limit feature.
Hello All,
Do we have an option to limit TCP/UDP connections on FortiGate, as on Cisco ASA firewalls?
Hi,
One can define a per-IP traffic shaper and assign it within the policy,
e.g.
    config firewall shaper per-ip-shaper
        edit "limit200"
            set max-concurrent-session 200
        next
    end
Best regards,
Jin
Hello Jin,
I think this can be used for forward traffic from the inside zone to the SD-WAN / outside zone.
Can we have the same for the DMZ, to restrict DDoS via TCP/UDP floods?
Hi,
For DDoS protection, use DDoS policies. Please see https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/771644/dos-policy on setting up different anomalies and thresholds.
Best regards,
Jin
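A sketch of the DoS-policy approach from the reply above, added here as an example and not configuration posted by anyone in the thread. It pairs per-source session anomalies (the closest match to a conn-limit) with flood anomalies for TCP, UDP and ICMP. The policy name, the interface "wan1" and every threshold are assumed placeholders. A DoS policy inspects traffic arriving on the interface it names, so choose the interface the flood would enter through.

```fortios
# Added example. "wan1", the policy name and all thresholds are assumptions;
# set thresholds from your own traffic baseline before using action block.
config firewall DoS-policy
    edit 1
        set name "dmz-conn-limits"
        set interface "wan1"
        set srcaddr "all"
        # Narrow dstaddr to an address object for the DMZ servers if one exists.
        set dstaddr "all"
        set service "ALL"
        config anomaly
            # Flood anomalies: threshold is packets per second.
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "udp_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "icmp_flood"
                set status enable
                set log enable
                set action block
                set threshold 250
            next
            # Session anomalies: threshold is concurrent sessions per source IP.
            edit "tcp_src_session"
                set status enable
                set log enable
                set action block
                set threshold 200
            next
            edit "udp_src_session"
                set status enable
                set log enable
                set action block
                set threshold 200
            next
        end
    next
end
```

Running each anomaly with `set action pass` and logging enabled first shows which legitimate sources would exceed a threshold before anything is blocked.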