Hello,
I've a Fortigate 1200D unit as a firewall for mitigating DDoS attacks. But I'm having issues with some kind of DDoS attacks.
For example, with attacks with heavy pps count (arround 2 millons of packets per second).
When I receive an attack of these characteristics, the CPU of the Fortigate rises only to 60/70% (never to 100%), the sessions are increased up to 800k and upon reaching this amount, the team begins to close stabilized and legitimate sessions. An example of this is that all the BGP sessions established in the interface where the attack enters are closed because the holdtime expires.
I understand that this equipment should work perfectly for this type of DDoS attacks. In the specifications it says that it can reach 11 million concurrent sessions and 72 million packages per second. Under normal conditions the device manages 2 Gbps of traffic at peak and around 200k sessions.
I think I have a problem with the configuration.
Im using firmware v5.2.10,build742 (GA).
If someone can help me with this, I would appreciate it very much.
Regards
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1640 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.