What's New - Fortinet FortiDDoS Series Release Notes

What's new
The FortiDDoS 5.3.0 release includes the following new features and enhancements:

Automated Distress ACL: Distress ACLs let you configure complex Layer 3 and Layer 4 ACLs that block the matching parameters at the full bandwidth of all front panel ports, offloading the SPUs during very large attacks. Until Release 5.3.0, these ACLs were configured manually. In 5.3.0, they can be applied automatically, triggered by the SPP Switching/Signaling Threshold. Data rates higher than the signaling threshold generate an internal list of the Top Attacks, and the Layer 3/4 attributes of these attacks are configured automatically as Distress ACLs. These ACLs are monitored every 30 seconds for continued drops. When drops fall below a low threshold, the ACL is retained but disabled. If later monitoring determines that the ACL is required again, it is re-enabled. Traffic not matching these ACLs continues to be processed by the SPUs for additional mitigation. Drops associated with the automatic Distress ACLs are shown on the Aggregate Drop Graph and the matching Distress ACL Monitor graph, and are reported in Attack Logs.

DNS Rcode Thresholds: To improve DNS Response Flood mitigation with asymmetric traffic and/or where encrypted DNS is present, thresholds can be added as follows:
- DNS Response Code - No Error: threshold applied to DNS R-Code 0 (good responses)
- DNS Response Code - Error: threshold applied to all DNS R-Codes from 1-15 (error responses)
Note: These thresholds are not automatically learned and are not adaptive. They must be set manually, based on observation of the DNS R-code Monitor graphs.
Traffic and drops for all R-codes are shown in the Monitor graphs for DNS R-codes.
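
Because the two R-code thresholds are set by hand, a baseline of response rates per class is useful before choosing values. The following is an added example, not Fortinet code and not part of the release notes: it splits cleartext DNS payloads into the same two classes (R-code 0 and R-codes 1-15) and reports the peak responses per second for each. The function names, the per-second unit, and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter


def classify_dns_response(payload: bytes):
    """Return 'no_error', 'error', or None for queries and truncated input."""
    if len(payload) < 12:            # a DNS header is always 12 bytes
        return None
    _txid, flags = struct.unpack("!HH", payload[:4])
    if not flags & 0x8000:           # QR bit clear: a query, not a response
        return None
    rcode = flags & 0x000F           # header RCODE is 4 bits, values 0-15
    return "no_error" if rcode == 0 else "error"


def peak_rates(samples):
    """samples: iterable of (epoch_seconds, udp_payload).
    Returns the highest responses-per-second seen in each class."""
    per_second = Counter()
    for ts, payload in samples:
        bucket = classify_dns_response(payload)
        if bucket:
            per_second[(int(ts), bucket)] += 1
    peaks = {"no_error": 0, "error": 0}
    for (_sec, bucket), count in per_second.items():
        peaks[bucket] = max(peaks[bucket], count)
    return peaks


def _hdr(flags: int) -> bytes:
    """Constructed 12-byte DNS header with empty sections (sample data only)."""
    return struct.pack("!HHHHHH", 0x1234, flags, 0, 0, 0, 0)


# Constructed capture: (timestamp, UDP payload)
SAMPLES = [
    (100.1, _hdr(0x8180)),   # response, R-code 0 (No Error)
    (100.4, _hdr(0x8180)),   # response, R-code 0
    (100.7, _hdr(0x8183)),   # response, R-code 3 (NXDOMAIN)
    (100.9, _hdr(0x0100)),   # query, ignored
    (101.2, _hdr(0x8182)),   # response, R-code 2 (SERVFAIL)
    (101.3, _hdr(0x8185)),   # response, R-code 5 (REFUSED)
    (101.8, _hdr(0x8183)),   # response, R-code 3
    (101.9, b"\x00\x01"),    # truncated payload, ignored
]

if __name__ == "__main__":
    print(peak_rates(SAMPLES))
```
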

Distress ACL drop graphs are reorganized:
- The aggregate of all Distress ACL drops will be shown in Monitor > Aggregate Drops
- Drops for each Distress ACL will be shown in Monitor > Distress ACL Drops

NTP Reflection Attack: For E-Series only, Protection Profiles > Service Config > NTP Reflection ACL will include both NTP Monlist and Mode 6 responses.

Bypass Status on E-series: Added Optical Bypass Status "LEDs" to the E-Series dashboard.

ACL Search: Users can query the system via the GUI (Log & Report > Diagnostics > ACL Search) to determine if an IPv4 address is present in:
- IP Reputation
- Geo-location
- Blacklisted IPv4 Address
- Any global or SPP IP or subnet ACL
- Any Do Not Track / Track and Allow ACL
Note: This function is not available via the FortiDDoS Central Management GUI. You must log in directly to the appliance to use it.

FortiDDoS 5.3.0 Release Notes
Fortinet Technologies Inc.
