Hi Community,
Is it possible to achieve the following case regarding DoS policy on FortiGate.
If a DoS attack is attempted by an attacker then FortiGate Quarantines the Attacker for 1 day.
If the same attacker tries to attempt another DoS attack after being removed from the Quarantine List after 1 day then block the attacker permanently. Is this possible?
Regards
Shailesh
I think we can use the DOS policy action and automation stitch together to achieve this. I haven't tested it, but i believe its may work.
Step1.
Create a DOS policy with action as quarantine as explained in below document.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-DoS-protection-s-quaranti...
Step2.
Create an automation stitch to execute action IP BAN based on the event log triggered for DOS attack and if we specify minimum 2 logs before executing the action, we can meet the condition of 2nd attempt after quarantine.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Creating-the-automation-stitches/ta-p/1957...
Hello Srajeswaran,
Yes I was thinking the same but the FortiOS version I am currently using does not include the automation and stitch feature. However I will try and upgrade my FortiGate and try using it.
Regards,
Shailesh
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.