Does the 60D not support DOS-Policy GUI?
Per the 5.2.3 release notes the following issue was fixed:
260342 The DOS Policy ID may be missing in the GUI
Thanks!
The threshold for GUI display of DoS policies is models 100 and above.
The bug mentioned in the release notes was specifically in the case of existing DoS policies not displaying their IDs in the GUI after upgrading from 5.0.9 to 5.2.2.
Regards, Chris McMullan Fortinet Ottawa
Could you share how to apply a DoS policy using the FGT 60D? Thanks
Fortigate Newbie
Hi Neil,
Here is a CLI example bound to WAN1 with the default values set to Log & Block:

```
config firewall DoS-policy
    edit 1
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block
                set threshold 1000
            next
            edit "tcp_port_scan"
                set status enable
                set log enable
                set threshold 100
            next
            edit "tcp_src_session"
                set status enable
                set log enable
                set threshold 5000
            next
            edit "tcp_dst_session"
                set status enable
                set log enable
                set threshold 5000
            next
            edit "udp_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "udp_scan"
                set status enable
                set log enable
                set threshold 2000
            next
            edit "udp_src_session"
                set status enable
                set log enable
                set threshold 5000
            next
            edit "udp_dst_session"
                set status enable
                set log enable
                set threshold 5000
            next
            edit "icmp_flood"
                set status enable
                set log enable
                set action block
                set threshold 250
            next
            edit "icmp_sweep"
                set status enable
                set log enable
                set threshold 100
            next
            edit "icmp_src_session"
                set status enable
                set log enable
                set threshold 300
            next
            edit "icmp_dst_session"
                set status enable
                set log enable
                set threshold 1000
            next
            edit "ip_src_session"
                set status enable
                set log enable
                set threshold 5000
            next
            edit "ip_dst_session"
                set status enable
                set log enable
                set threshold 5000
            next
            edit "sctp_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "sctp_scan"
                set status enable
                set log enable
                set threshold 1000
            next
            edit "sctp_src_session"
                set status enable
                set log enable
                set threshold 5000
            next
            edit "sctp_dst_session"
                set status enable
                set log enable
                set threshold 5000
            next
        end
    next
end
```
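An added example, not part of the original post: a small Python check that parses a DoS-policy block like the one above and lists the enabled anomalies that carry no `set action block` line. The sample config is a constructed excerpt, `parse_anomalies` and `log_only` are hypothetical helper names, and treating a missing action line as log-only is an assumption.

```python
import shlex

# Constructed sample: a shortened excerpt in the shape of the policy posted above.
SAMPLE = """
config firewall DoS-policy
    edit 1
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block
                set threshold 1000
            next
            edit "tcp_port_scan"
                set status enable
                set log enable
                set threshold 100
            next
        end
    next
end
"""

def parse_anomalies(text):
    """Return {anomaly: {setting: value}}; walks tokens, so the flattened
    one-line form of the same config parses identically."""
    tokens = shlex.split(text)
    anomalies, current, in_anomaly, i = {}, None, False, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "config":
            in_anomaly = tokens[i + 1:i + 2] == ["anomaly"]
        elif tok == "end":
            in_anomaly = False
        elif tok == "next":
            current = None
        elif in_anomaly and tok == "edit" and i + 1 < len(tokens):
            current = anomalies.setdefault(tokens[i + 1], {})
            i += 1  # skip the anomaly name
        elif in_anomaly and current is not None and tok == "set" and i + 2 < len(tokens):
            current[tokens[i + 1]] = tokens[i + 2]
            i += 2  # skip the setting name and value
        i += 1
    return anomalies

def log_only(anomalies):
    """Enabled anomalies with no 'set action block' (assumed to be log-only)."""
    return [name for name, s in anomalies.items()
            if s.get("status") == "enable" and s.get("action") != "block"]
```

Run against the full policy posted above, `log_only` returns the scan, sweep and session anomalies, which have logging enabled but no `set action block` line; only the four flood anomalies carry one.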