Enabling denial of service protection

You can enable basic denial of service (DoS) prevention to combat SYN floods. When enabled, FortiADC uses the SYN cookie method to track half-open connections. The system maintains a DoS mitigation table for each configured IPv4 virtual server. It times out half-open connections so that they do not deplete system resources.

Note: The DoS feature is supported for traffic to virtual servers only. However, it is not supported for IPv6 traffic or for Layer 4 virtual servers with the Direct Routing packet forwarding mode.

Before you begin:

  • You must have Read-Write permission for Firewall settings.

To enable denial of service protection:

  1. Go to Security > SYN Flood Prevention.
  2. Enable the SYN Cookie feature.
  3. Specify a maximum number of half-open sockets. The default is 1 (10 connections). The valid range is 1 to 80,000.
  4. Save the configuration.
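
The following is an added illustration of the general SYN cookie technique this section refers to; it is not FortiADC's implementation and not code from the handbook. The server encodes a time slot, an MSS index and a keyed hash into the sequence number of its SYN-ACK, then validates the returning ACK instead of holding a half-open entry. The secret, MSS table, slot length and function names are assumptions made for the example.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed; a real stack uses a random, rotated key
MSS_TABLE = [536, 1220, 1300, 1400, 1440, 1460, 4312, 8960]  # assumed 8 entries (3 bits)
SLOT_SECONDS = 64    # assumed granularity of the time counter
MAX_AGE_SLOTS = 2    # assumed cookie lifetime, in slots


def _mac24(conn, slot, mss_idx, client_isn):
    """24-bit keyed hash binding the cookie to the 4-tuple, slot, MSS index and client ISN."""
    msg = "|".join(map(str, (*conn, slot, mss_idx, client_isn))).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(conn, client_isn, client_mss, now):
    """Return the server ISN for the SYN-ACK. Nothing is stored per connection."""
    slot = int(now) // SLOT_SECONDS
    # Largest table entry that does not exceed the client's MSS (smallest entry if none fits).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac24(conn, slot, mss_idx, client_isn), "big")
    return ((slot % 32) << 27) | (mss_idx << 24) | mac


def check_ack(conn, seq, ack, now):
    """Validate the handshake's final ACK. Returns the encoded MSS, or None if rejected."""
    cookie = (ack - 1) & 0xFFFFFFFF      # the client acknowledges server ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the client's sequence number is its ISN + 1
    mss_idx = (cookie >> 24) & 0x7
    slot_now = int(now) // SLOT_SECONDS
    for age in range(MAX_AGE_SLOTS + 1):
        slot = slot_now - age
        if (slot % 32) != (cookie >> 27):
            continue  # cookie was not issued in this slot
        expected = _mac24(conn, slot, mss_idx, client_isn)
        if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]
    return None  # forged, tampered or expired: no connection is created
```

Because the only state is the secret, a flood of SYNs that never complete the handshake consumes no table entries; the cost is that the encoded options are limited to what fits in the 32-bit sequence number.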
