DoS policy in FortiGate

unknown1020 · ‎04-25-2024

Hi, friends.

Are the DoS policies created in fortigate necessary when having HTTPS and HTTP publishing?

I have a SIP publishing policy on the firewall but I'm not sure if I should create DoS policies or not.

To avoid blocking problems due to false positives perhaps, I am configuring a DDos profile in MONITOR mode, but I have a question, what is the difference between "logging" and "monitor"?

I attach an image of my MONITOR profile.

Could you help me with this query please.

dbu · ‎04-25-2024

Yes you can do that.

Why you need only Monitor and not Block ?
What is the purpose of not dropping the traffic that is malicious ? DDOS is there to help you more than just monitoring.

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

unknown1020 · ‎04-25-2024

This is the first time I am going to create a DDOS policy rule. Therefore, I want to start monitoring and then take action.

Could you confirm if this profile is correct? It is in monitor mode

dbu · ‎04-25-2024

Me personally i would go with action Block and Logging enabled. Maybe in your case is good to start with Monitor and you observe what is going on.

Then you decide what to block and what thresholds to apply.

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.