Using DoS Policies to Detect and Prevent Attacks; Viewing the DoS Policy List - Fortinet FortiGate Series Administration Manual

User Group: The selected user groups that must authenticate to be allowed to use this policy.
Schedule: The one-time or recurring schedule that controls when the policy is in effect. You can also create schedules by selecting Create New from this list. For more information, see "Firewall Schedule" on page 437.
Service: The firewall service or service group that packets must match to trigger this policy.
Profile: The protection profile to apply to this policy. You can also create a protection profile by selecting Create New from this list. For more information, see "Firewall Protection Profile" on page 479.
Traffic Shaping: The traffic shaping configuration for this policy. For more information, see "Traffic Shaping" on page 441.
Log Traffic: If the Log Allowed Traffic option is selected when adding an identity-based policy, a green check mark appears. Otherwise, a white cross mark appears.
Delete icon: Select to delete this policy.
Edit icon: Select to edit this policy.
Move Up or Move Down: Select to move the policy in the list. Firewall policy order affects policy matching. You can arrange the firewall policy list to influence the order in which policies are evaluated for matches with user groups.

Tip: If you select NAT, the IP address of the outgoing interface of the FortiGate unit is used as the source address for new sessions started by SSL VPN.

Note: The traffic shaping option can be used to traffic shape tunnel-mode SSL VPN traffic, but has no effect on web-mode SSL VPN traffic.

Using DoS policies to detect and prevent attacks

DoS policies are primarily used to apply DoS sensors to network traffic based on the FortiGate interface it is leaving or entering as well as the source and destination addresses. DoS sensors are a traffic anomaly detection feature that identifies network traffic that does not fit known or common traffic patterns and behavior. A common example of anomalous traffic is the denial of service attack. A denial of service occurs when an attacking system starts an abnormally large number of sessions with a target system. The large number of sessions slows down or disables the target system so legitimate users can no longer use it.

DoS policies examine network traffic very early in the sequence of protective measures the FortiGate unit deploys to protect your network. Because of this, DoS policies are a very efficient defence, using few resources. The previously mentioned denial of service would be detected and its packets dropped before requiring firewall policy look-ups, antivirus scans, and other protective but resource-intensive operations.

This section provides an introduction to configuring DoS policies. For more information, see the FortiGate UTM User Guide.

Viewing the DoS policy list

The DoS policy list displays the DoS policies in their order of matching precedence for each interface, source/destination address pair, and service.

FortiGate Version 4.0 MR1 Administration Guide
Firewall Policy
01-410-89802-20090903
http://docs.fortinet.com/
