Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Session Limits (Capping)

Using FG620B.... I haven' t seen this in documentation or KB, but is anyone aware of method to set and enforce hard/max limit on tcp/udp sessions establishment per node; hoping to mitigate state generation and inspection footprint from " less than healthy" hosts... Thanks in advance for any help/suggestions!
3 REPLIES 3
abelio
SuperUser
SuperUser

Hello and welcome, i' m not sure if that is your searching for, but wit the new fortiOS 4.x you have resource allocation per VDOM; you can configure global rsource limit to control perfomance impact of something specific and then distribute the resources per vdom. Search admin guide (fortiOS 4.x) for ' system resource-limits' and ' system vdom-property' regards.

regards




/ Abel

regards / Abel
FortiRack_Eric
New Contributor III

Isn' t that were IPS was designed for to deliver? sounds to me that you need to define a DoS rule on the interface to define max udp/tcp/icmp limits per IP. Cheers, Eric

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
beaven67
New Contributor

Yes create a dos policy specific to each address you need to limit. As long as you are running a 4.x.x release should should be able to. Make sure you select the enable check box.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors