MVSantoshReddy
New Contributor

Enquiry on FortiGate TCP Connection (conn-limit) limit and TCP/UDP/ICMP limit feature.

Hello All,

 

Do we have an option to limit TCP/UDP connections on FortiGate, like on Cisco ASA firewalls?

3 REPLIES
jintrah_FTNT
Staff

Hi,

 

One can define a traffic shaper per-ip and assign it within the policy,

e.g.

    config firewall shaper per-ip-shaper
        edit "limit200"
            set max-concurrent-session 200
        next
    end

 

best regards,

Jin

MVSantoshReddy

Hello Jin,

I think this can be used for forward traffic from the inside zone to the SDWAN / outside zone.

Can we have the same for the DMZ, to restrict DDoS via TCP/UDP floods?

jintrah_FTNT

Hi,

 

For DDoS protection, use DDoS policies. Please see https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/771644/dos-policy on setting up different anomalies and thresholds.

 

Best regards,

Jin
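
The two suggestions in this thread applied to the DMZ case, as an added example that is not part of any post above or of Fortinet's documentation: the per-IP shaper attached to a firewall policy, and a DoS policy with flood and per-source session anomalies. The interface name "wan1", firewall policy ID 10, DoS policy ID 1 and all threshold values are assumptions to be replaced with values baselined from real traffic.

```fortios
# Added example (annotation lines start with #); "wan1", IDs 10 and 1, and all thresholds are assumptions.
# 1) Attach the per-IP shaper to the existing policy that admits traffic to the DMZ.
config firewall policy
    edit 10
        set per-ip-shaper "limit200"
    next
end
# 2) DoS policy on the ingress interface; it is checked before firewall policies.
#    Use interface "dmz" instead to police traffic that originates in the DMZ.
config firewall DoS-policy
    edit 1
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "tcp_src_session"
                set status enable
                set log enable
                set action block
                set threshold 200
            next
            edit "udp_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "udp_src_session"
                set status enable
                set log enable
                set action block
                set threshold 200
            next
            edit "icmp_flood"
                set status enable
                set log enable
                set action block
                set threshold 250
            next
        end
    next
end
```

The `*_flood` thresholds count packets per second toward one destination IP, while the `*_src_session` thresholds count concurrent sessions from one source IP. Running with `set action pass` and logging enabled first gives a baseline before switching to `block`.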
