Configuring Emergency Bypass Mode; Configuring Link Down Synchronization Or Link State Propagation; Assigning Virtual Identifiers (Vids) To Protect Systems - Fortinet FortiDDoS Installation Manual

Installation & Initial Configuration
Configuring
emergency
bypass mode
Configuring link
down
synchronization
or link state
propagation

Assigning Virtual Identifiers (VIDs) to protect systems

FortiDDoS v3.2 Installation Guide
28-320-183686-20130401
http://docs.fortinet.com/
Choose No Bypass in case you want the existing mode to continue without updated
thresholds - implies no continuous learning and adaptive prevention/detection.
To set the Bypass Mode of the appliance, click Configure > Global > Operating Mode.
Please refer to Figure 11
In Bypass Mode section, select one of the above bypass modes.
Click Save.
At certain times, to eliminate the possibility of malfunction of the FortiDDoS device,
you may want to bypass the device logic while keeping the device inline. To achieve
such a functionality, you can keep the appliance in Emergency Bypass Mode. This
ensures that the packets which arrive at ingress ports are simply transferred to the
corresponding egress ports - just like a wire.
To set the Emergency Bypass Mode of the appliance, click Configure > Global >
Operating Mode. Please refer to
In Emergency Bypass Mode section, click on the checkbox for Emergency Bypass.
Click Save.
Link Down Synchronization lets you configure FortiDDoS device to force the partner
link down on a segment when one of the links goes down. The device monitors the link
state for a pair of ports which are protecting a segment. These correspond to LAN 1
(connected to LAN) or WAN 1 (connected to the Internet). Similarly for Dual WAN Link
mode, these ports correspond to LAN 2 and WAN 2.
If the link goes down on either port, the partner port is disabled. Link Down
Synchronization once enabled, propagates the link state across the FortiDDoS device.
This is the default functionality. If you want to disable this functionality, you must select
Hub mode.
This feature is not useful when using bypass switches and must be set to HUB mode
instead of default WIRE mode.
To enable Link Down Synchronization, you don't have to make any changes. It is set as
the factory default.
To set the Link Down Synchronization to Hub Mode, click Configure > Global > Link
Down Synchronization.
In Link Down Synchronization section, click on the radio button for Hub.
Type yes in the text box and press OK.
Note: Changes to Link Down Synchronization requires restarting the services - which leads to
some downtime. Please plan for the downtime.
Virtual Identifiers (VIDs) enable you to "virtualize" the device to behave as if it were
multiple physical appliances with each appliance conforming to a single
server/network.
Because each networked system has different traffic characteristics, the FortiDDoS
device allows you to build a unique profile for each server/network you want to protect.
• Feedback
Assigning Virtual Identifiers (VIDs) to protect systems
above.
Figure 11 above.
16