Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NeilG
Contributor

Why can't I see DOS Policy option in gui on a 60D with 5.2.3

Does the 60D not support DOS-Policy GUI?

 

Per the 5.2.3 release notes the following issue was fixed:

260342 The DOS Policy ID may be missing in the GUI

 

Thanks!

 

 

2 Solutions
Christopher_McMullan

The threshold for GUI display of DoS policies are models 100 and above.

The bug mentioned in the release notes was specifically in the case of existing DoS policies not displaying their IDs in the GUI after upgrading from 5.0.9 to 5.2.2.

Regards, Chris McMullan Fortinet Ottawa

View solution in original post

TheJaeene
Contributor

Hi Neil,

 

Here is an CLI Example bound to WAN1 with the default Values set to Log & Block

 

config firewall DoS-policy edit 1 set interface "wan1" set srcaddr "all" set dstaddr "all" set service "ALL" config anomaly edit "tcp_syn_flood" set status enable set log enable set action block set threshold 1000 next edit "tcp_port_scan" set status enable set log enable set threshold 100 next edit "tcp_src_session" set status enable set log enable set threshold 5000 next edit "tcp_dst_session" set status enable set log enable set threshold 5000 next edit "udp_flood" set status enable set log enable set action block set threshold 2000 next edit "udp_scan" set status enable set log enable set threshold 2000 next edit "udp_src_session" set status enable set log enable set threshold 5000 next edit "udp_dst_session" set status enable set log enable set threshold 5000 next edit "icmp_flood" set status enable set log enable set action block set threshold 250 next edit "icmp_sweep" set status enable set log enable set threshold 100 next edit "icmp_src_session" set status enable set log enable set threshold 300 next edit "icmp_dst_session" set status enable set log enable set threshold 1000 next edit "ip_src_session" set status enable set log enable set threshold 5000 next edit "ip_dst_session" set status enable set log enable set threshold 5000 next edit "sctp_flood" set status enable set log enable set action block set threshold 2000 next edit "sctp_scan" set status enable set log enable set threshold 1000 next edit "sctp_src_session" set status enable set log enable set threshold 5000 next edit "sctp_dst_session" set status enable set log enable set threshold 5000 next end

View solution in original post

3 REPLIES 3
Christopher_McMullan

The threshold for GUI display of DoS policies are models 100 and above.

The bug mentioned in the release notes was specifically in the case of existing DoS policies not displaying their IDs in the GUI after upgrading from 5.0.9 to 5.2.2.

Regards, Chris McMullan Fortinet Ottawa

Fullmoon

could you share on how to apply DoS policy using FGT 60D. Thanks

Fortigate Newbie

Fortigate Newbie
TheJaeene
Contributor

Hi Neil,

 

Here is an CLI Example bound to WAN1 with the default Values set to Log & Block

 

config firewall DoS-policy edit 1 set interface "wan1" set srcaddr "all" set dstaddr "all" set service "ALL" config anomaly edit "tcp_syn_flood" set status enable set log enable set action block set threshold 1000 next edit "tcp_port_scan" set status enable set log enable set threshold 100 next edit "tcp_src_session" set status enable set log enable set threshold 5000 next edit "tcp_dst_session" set status enable set log enable set threshold 5000 next edit "udp_flood" set status enable set log enable set action block set threshold 2000 next edit "udp_scan" set status enable set log enable set threshold 2000 next edit "udp_src_session" set status enable set log enable set threshold 5000 next edit "udp_dst_session" set status enable set log enable set threshold 5000 next edit "icmp_flood" set status enable set log enable set action block set threshold 250 next edit "icmp_sweep" set status enable set log enable set threshold 100 next edit "icmp_src_session" set status enable set log enable set threshold 300 next edit "icmp_dst_session" set status enable set log enable set threshold 1000 next edit "ip_src_session" set status enable set log enable set threshold 5000 next edit "ip_dst_session" set status enable set log enable set threshold 5000 next edit "sctp_flood" set status enable set log enable set action block set threshold 2000 next edit "sctp_scan" set status enable set log enable set threshold 1000 next edit "sctp_src_session" set status enable set log enable set threshold 5000 next edit "sctp_dst_session" set status enable set log enable set threshold 5000 next end

Top Kudoed Authors