Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AtiT
Valued Contributor

Source Flood in FortiDDoS 400B v4.1.3

Hi,

I have a FortiDDoS switched to prevention mode today. The tresholds were set according to the traffic and no dropped packets were detected under the detection mode.

Now the prevention mode is set and immediately I can see in the log "Source flood" event type with drop count 177, or 57, or 89 etc.

What settings cause this drop? It is not the Most Active Source or some SYN flood.

Where are the thresholds set for this Source flood?

No ACLs are set at the moment.

 

Can anyone help with this?

 

The documentation says:

Source Flood Dropped and blocked packets from over-active sources. Dropped sources are sources that FortiDDoS has dropped due to floods while the blocked sources correspond to ACL entries in the layer 3 sources.

---droped -> due to floods (what type of flood?)

AtiT

AtiT
0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors