
CLI Reference

config security dos tcp-access-flood-protection


A connection flood is an attack in which an overwhelming number of connections is opened against the targeted FortiADC at the same time. The connections can come from a single IP address or from a botnet.

The purpose of the attack is to exhaust the available connections in a short time. To prevent this, limit the number of connections allowed from the same IP address.

Example

config security dos tcp-access-flood-protection
  edit <name>
    set max-access-count <integer>
    set action [ pass | deny | block-period ]
    set block-period <integer>
    set severity [ high | medium | low ]
    set log [ enable | disable ]
  next
end

CLI specification

| CLI Parameter | Help message | Type | Scope | Default | Must |
|---|---|---|---|---|---|
| max-access-count | Limit the number of TCP connection per source IP address | integer | 0-65535 | 0 | No |
| action | action when reach the limit | choice | pass, deny, block-period | deny | No |
| block-period | number of seconds that block the connection action | integer | 1-3600 | 60 | No |
| severity | severity of the Log | choice | info, low, medium, high | high | No |
| log | record log message | choice | enable, disable | disable | No |

Function description

| CLI Parameter | Description |
|---|---|
| max-access-count | Set the TCP connection limit for each source IP address. |
| action | DoS protection action taken when the number of TCP connections exceeds the limit. pass: allow the new connection from this IP address; deny: deny the new connection from this IP address; block-period: deny new connections from this IP address for a period of time. |
| block-period | Block new connections for a period of time; the timer starts when the action is taken. During this period, new connections are aborted. |
| severity | Log severity level. |
| log | Enable or disable logging. |

Example

config security dos tcp-access-flood-protection
  edit tcp-conn
    set max-access-count 256
    set action block-period
    set block-period 20
    set log enable
    set severity medium
  next
end
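
The following Python audit is an added example, not part of Fortinet's documentation. It parses profiles written in the syntax above, checks every set value against the Scope column of the CLI specification table, and then applies the documented defaults to flag settings that weaken the protection. The profile name lab-test and the sample input are constructed for illustration.

```python
# Scope and default per parameter, transcribed from the CLI specification table.
SPEC = {
    "max-access-count": (range(0, 65536), "0"),
    "action": ({"pass", "deny", "block-period"}, "deny"),
    "block-period": (range(1, 3601), "60"),
    "severity": ({"info", "low", "medium", "high"}, "high"),
    "log": ({"enable", "disable"}, "disable"),
}

def parse_profiles(text):
    """Return {profile: {parameter: value}} from the edit/set/next blocks."""
    profiles, current = {}, None
    for words in (line.split() for line in text.splitlines()):
        if len(words) == 2 and words[0] == "edit":
            current = profiles.setdefault(words[1], {})
        elif len(words) == 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2]
        elif words == ["next"]:
            current = None
    return profiles

def in_scope(key, value):
    allowed = SPEC.get(key, (set(),))[0]  # unknown parameter: nothing allowed
    if isinstance(allowed, range):
        return value.isdecimal() and int(value) in allowed
    return value in allowed

def audit(text):
    """Return sorted (profile, finding) pairs for every profile in text."""
    findings = []
    for name, explicit in parse_profiles(text).items():
        for key, value in explicit.items():
            if not in_scope(key, value):
                findings.append((name, f"{key} {value}: not in documented scope"))
        # Apply the documented defaults to get the settings that take effect.
        eff = {k: explicit.get(k, default) for k, (_, default) in SPEC.items()}
        if "block-period" in explicit and eff["action"] != "block-period":
            findings.append((name, "block-period set, but action is not block-period"))
        if eff["log"] == "disable":
            findings.append((name, "log disable: no log message is recorded"))
    return sorted(findings)

# Constructed input (hypothetical profile name), not from the page.
SAMPLE = """config security dos tcp-access-flood-protection
edit lab-test
set action pass
set block-period 7200
next
end"""
print(*audit(SAMPLE), sep="\n")
```

Run against the tcp-conn example above, audit returns an empty list, because every value is in scope and logging is enabled explicitly.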
