Some questions and comments here:
1) While the drops are higher than normal, remember that Drops are shown "per-period", which is shown at the top left corner of the graph (not included in your screenshot). Based on the x-axis, it looks like this is the 1-day graph, so the period is 5 minutes or 300 seconds. That means 45,000 drops over 300 seconds, which is only an average of 150pps - could be one connection.
2) Did you check direction? Is that direction in Detection or Prevention Mode?
4) Model and Release would help me. We have changed functionality on some of the below items over time.
3) Foreign Packets are packets that the system cannot associate with an active TCP connection. There can be several reasons for this:
The most likely scenario here is the slow connection settings or an idle timeout on an SSL server. If you can check your protected servers and create a ticket with the configuration, I can work with you on tuning this.
Regards
Steve Robinson
Hello SteveDDoS_FTNT,
Thank you very much for the update. Just to be complete, the SPP is in prevention mode and Track slow TCP connections is disabled.
The OS version is 4.2.3.
I did not realise that it is basically a 150pps drop, which is not so much.
Thank you for the explanation.
AtiT
Copyright 2024 Fortinet, Inc. All Rights Reserved.