Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Zyndarius
New Contributor

What's the difference between reset & drop?

When you configure a signature to drop or reset, what is the difference between those two actions? Thanks in advance.
TopJimmy
New Contributor

I believe a drop literally drops the packets. A reset sends a RST back to the source. IMHO, the drop is a better way to go when using IPS but I could be wrong.
-TJ
billp
Contributor

In my experience, a "reset" results in a slightly better end user experience. If it is a web-based app, the browser won't time out. It will just return a blank screen. If the traffic is dropped, you are more likely to have a browser time out, which appears to look more like an Internet/firewall problem to the end user... and is more likely to result in a call to the help desk. I guess it depends on your users.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Zyndarius
New Contributor

Aha, I do understand now. But at the traffic level, when the configuration is "drop", the connection established by the endpoints still remains but the packets are dropped, right? And when the configuration is reset, the session, i.e. the connection, is broken and therefore all further packets are dropped as a consequence of the first action taken? Correct me if I am wrong, please.
billp
Contributor

That sounds right to me, but perhaps someone else could confirm.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
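
The client-side difference discussed in this thread (a reset fails immediately, a drop leaves the client waiting on its own timeout), as an added example that is not from any poster and is not FortiGate code. It is a loopback simulation: `inline_device` and `client_view` are hypothetical names, the RST is produced by the peer socket rather than injected in-path as an IPS would, and the request bytes are constructed.

```python
import socket
import struct
import threading
import time

def inline_device(listener, action, release):
    """Loopback stand-in for what the client's peer does once a signature matches."""
    conn, _ = listener.accept()
    conn.recv(1024)  # the request that "matches the signature"
    if action == "reset":
        # SO_LINGER on with a zero timeout makes close() send a TCP RST.
        # struct layout "ii" is the Linux/macOS struct linger.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    else:
        # "drop": nothing comes back, the client's connection stays established.
        release.wait()
    conn.close()

def client_view(action, timeout=1.0):
    """Return (outcome, seconds waited) as seen by the client application."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    release = threading.Event()
    threading.Thread(target=inline_device, args=(listener, action, release), daemon=True).start()
    client = socket.create_connection(listener.getsockname(), timeout=timeout)
    client.sendall(b"GET / HTTP/1.0\r\n\r\n")  # constructed sample request
    start = time.monotonic()
    try:
        outcome = "data" if client.recv(1024) else "closed"
    except ConnectionResetError:
        outcome = "reset"      # immediate, unambiguous failure
    except socket.timeout:
        outcome = "timeout"    # client had to wait out its own timer
    waited = time.monotonic() - start
    release.set()
    client.close()
    listener.close()
    return outcome, waited

if __name__ == "__main__":
    for action in ("reset", "drop"):
        outcome, waited = client_view(action)
        print(f"{action:5s} -> {outcome:7s} after {waited:.2f}s")
```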
