Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ShaileshMdr
New Contributor III

IPv4 DoS Policy

Hi Community,

 

Is it possible to achieve the following case regarding DoS policy on FortiGate.

 

If a DoS attack is attempted by an attacker then FortiGate Quarantines the Attacker for 1 day.

If the same attacker tries to attempt another DoS attack after being removed from the Quarantine List after 1 day then block the attacker permanently. Is this possible?

 

Regards

Shailesh

 

#nse4
#nse4
2 REPLIES 2
srajeswaran
Staff
Staff

I think we can use the DOS policy action and automation stitch together to achieve this. I haven't tested it, but i believe its may work.

Step1.
Create a DOS policy with action as quarantine as explained in below document.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-DoS-protection-s-quaranti...

Step2.
Create an automation stitch to execute action IP BAN based on the event log triggered for DOS attack and if we specify minimum 2 logs before executing the action, we can meet the condition of 2nd attempt after quarantine.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Creating-the-automation-stitches/ta-p/1957...


Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

ShaileshMdr

Hello Srajeswaran,

 

Yes I was thinking the same but the FortiOS version I am currently using does not include the automation and stitch feature. However I will try and upgrade my FortiGate and try using it.

 

Regards,

Shailesh

#nse4
#nse4
Top Kudoed Authors