Configuring a TCP connection access flood protection policy
A TCP connection flood attempts to prevent legitimate requests from being established by flooding the server with requests for new connections. By setting a threshold limit for TCP requests, FortiADC can detect and take action to protect against a TCP connection flood.
Before you begin:
- You must have Read-Write permission for Security settings.
To configure a TCP Connection Access Flood Protection policy:
- Go to DoS Protection > Networking.
- Click the TCP Connection Access Flood Protection tab.
- Click Create New to display the configuration editor.
- Configure the following settings:
| Setting | Description |
|---|---|
| Name | Enter a unique name for the TCP Connection Access Flood Protection configuration. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. |
| Status | If enabled, this policy is active; otherwise it is inactive. Enabled by default. |
| Limit | Limit the number of TCP connections per source IP address. Default: 0. Range: 0-65535. 0 means no TCP request limit. |
| Action | Specify the action to take when the number of TCP connections from a source IP address exceeds the limit. Pass: allow the new connection from this IP address. Deny: deny the new connection from this IP address. Period Block: deny new connections from this IP address for a period of time. The default action is Deny. |
| Period Block | Available only if the Action is Period Block. Specify the number of seconds to block new TCP connections from being established. During this period, new TCP connection requests from the source IP address are aborted. Default: 60. Range: 1-3600 seconds. |
| Log | Enable or disable logging. Disabled by default. |
| Severity | Specify the log severity level. Low: log as low severity events. Medium: log as medium severity events. High: log as high severity events. The default severity level is High. |
- Click Save.
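The following added example (not FortiADC code, and not from the original page) models how Limit, Action and Period Block interact by replaying a constructed trace of connection requests through a small per-source-IP policy simulator; the class, function and trace names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class TcpFloodPolicy:
    """Hypothetical model of the policy fields on the page (not FortiADC code)."""
    limit: int = 0            # connections per source IP; 0 disables the check
    action: str = "deny"      # "pass", "deny" or "period-block"
    period_block: int = 60    # seconds, used only when action == "period-block"
    log: bool = False
    severity: str = "high"
    open_conns: dict = field(default_factory=dict)     # src_ip -> open connection count
    blocked_until: dict = field(default_factory=dict)  # src_ip -> time the block expires
    log_lines: list = field(default_factory=list)

    def new_connection(self, src_ip: str, now: float) -> str:
        """Decide on a new TCP connection request; returns 'allow' or 'deny'."""
        # A source still inside a period block is refused without being counted.
        if src_ip in self.blocked_until:
            if now < self.blocked_until[src_ip]:
                return "deny"
            del self.blocked_until[src_ip]      # block has expired
        count = self.open_conns.get(src_ip, 0)
        if self.limit and count >= self.limit:
            if self.log:
                self.log_lines.append(f"t={now} src={src_ip} sev={self.severity} "
                                      f"over limit={self.limit} action={self.action}")
            if self.action == "period-block":
                self.blocked_until[src_ip] = now + self.period_block
            if self.action != "pass":
                return "deny"
        self.open_conns[src_ip] = count + 1
        return "allow"

    def close_connection(self, src_ip: str) -> None:
        self.open_conns[src_ip] = max(0, self.open_conns.get(src_ip, 0) - 1)

def simulate(policy: TcpFloodPolicy, trace: list) -> list:
    """Replay (time, src_ip, event) tuples; returns (time, src_ip, decision) for each 'syn'."""
    decisions = []
    for now, src, event in trace:
        if event == "syn":
            decisions.append((now, src, policy.new_connection(src, now)))
        else:
            policy.close_connection(src)
    return decisions

# Constructed trace: 10.0.0.5 opens a fourth connection while three are still open.
TRACE = [(0, "10.0.0.5", "syn"), (1, "10.0.0.5", "syn"), (2, "10.0.0.5", "syn"),
         (3, "10.0.0.9", "syn"), (4, "10.0.0.5", "syn"), (5, "10.0.0.5", "fin"),
         (6, "10.0.0.5", "syn"), (70, "10.0.0.5", "syn")]

if __name__ == "__main__":
    for d in simulate(TcpFloodPolicy(limit=3, action="period-block", log=True), TRACE):
        print(d)
```

With Action set to Deny instead, the request at t=6 is allowed again as soon as one connection closes, whereas Period Block keeps refusing the source until the 60-second window has elapsed.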