But yes, there is more you can do to relieve your FGT. You can see in your logs that the originating source is often the same address. Create an interface-policy (in the CLI only!) to filter on that source address. I would even expand that to whole subnets and/or countries. Interface policies are effective way before other FGT features like routing, regular policies or UTM. They are meant to help in exactly your situation. A real DDoS attack cannot be stopped this way, all of what emnoc posted is the bitter truth. But you can protect your network and the resources of your FGT with simple configuration. Besides, funny that interface policy is coming up twice in the last days. It's rarely used and even more rarely asked for on the forums. See https://forum.fortinet.com/FindPost/113610
To a certain degree you can rate limit access using a DoS sensor (https://forum.fortinet.com/FindPost/111099). Alternatively, an IPS sensor to track some IPs, but this consumes more resources. Maybe you should also check if your server is acting as an open resolver: http://openresolverproject.org/