IPv4 DoS Policy

ShaileshMdr · ‎07-24-2023

Hi Community,

Is it possible to achieve the following case regarding DoS policy on FortiGate.

If a DoS attack is attempted by an attacker then FortiGate Quarantines the Attacker for 1 day.

If the same attacker tries to attempt another DoS attack after being removed from the Quarantine List after 1 day then block the attacker permanently. Is this possible?

Regards

Shailesh

#nse4

srajeswaran · ‎07-24-2023

I think we can use the DOS policy action and automation stitch together to achieve this. I haven't tested it, but i believe its may work.

Step1.
Create a DOS policy with action as quarantine as explained in below document.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-DoS-protection-s-quaranti...

Step2.
Create an automation stitch to execute action IP BAN based on the event log triggered for DOS attack and if we specify minimum 2 logs before executing the action, we can meet the condition of 2nd attempt after quarantine.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Creating-the-automation-stitches/ta-p/1957...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

ShaileshMdr · ‎07-24-2023

Hello Srajeswaran,

Yes I was thinking the same but the FortiOS version I am currently using does not include the automation and stitch feature. However I will try and upgrade my FortiGate and try using it.

Regards,

Shailesh

#nse4

IPv4 DoS Policy

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website