Configuring a TCP connection access flood protection policy

A TCP connection flood attempts to prevent legitimate requests from being established by flooding the server with requests for new connections. By setting a threshold limit for TCP requests, FortiADC can detect and take action to protect against a TCP connection flood.

Before you begin:
  • You must have Read-Write permission for Security settings.
To configure a TCP Connection Access Flood Protection policy:
  1. Go to DoS Protection > Networking.
  2. Click the TCP Connection Access Flood Protection tab.
  3. Click Create New to display the configuration editor.
  4. Configure the following settings:

    Setting / Description

    Name
    Enter a unique name for the TCP Connection Access Flood Protection configuration. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    Status
    If enabled, this policy is active; otherwise it is inactive. Enabled by default.

    Limit
    Limit the number of TCP connections per source IP address. Default: 0. Range: 0-65535. 0 means no TCP request limit.

    Action
    Specify the action to take when the TCP connection number exceeds the limit.
    • Pass — allow the new connection from this IP address.
    • Deny — deny the new connection from this IP address.
    • Period Block — deny the new connection from this IP address for a period of time.
    The default action is Deny.

    Period Block
    This option is available only if the Action is Period Block. Specify the number of seconds to block new TCP connections from being established. During this period, new TCP connection requests are aborted. Default: 60. Range: 1-3600 seconds.

    Log
    Enable or disable logging. Disabled by default.

    Severity
    Specify the log severity level.
    • Low — log as low severity events.
    • Medium — log as medium severity events.
    • High — log as high severity events.
    The default severity level is High.

  5. Click Save.
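To make the Limit, Action and Period Block settings concrete, the following is an added Python model of how a per-source-IP connection policy with these settings decides on each new connection. It is illustrative code written for this page, not FortiADC's implementation; the class and method names, the bookkeeping, and the constructed source addresses are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class TcpConnFloodPolicy:
    """Settings of one policy, with the defaults the handbook lists."""
    limit: int = 0             # 0-65535; 0 means no TCP request limit
    action: str = "deny"       # "pass", "deny" or "period-block"
    period_block: int = 60     # seconds, 1-3600; used only with "period-block"
    log: bool = False
    severity: str = "high"     # "low", "medium" or "high"
    # Per-source state and emitted log events (hypothetical bookkeeping).
    active: dict = field(default_factory=dict)
    blocked_until: dict = field(default_factory=dict)
    events: list = field(default_factory=list)

    def new_connection(self, src_ip: str, now: float) -> bool:
        """Return True if a new connection from src_ip is admitted at time now."""
        # Inside a Period Block window every new request is aborted outright.
        if now < self.blocked_until.get(src_ip, 0.0):
            return False
        count = self.active.get(src_ip, 0)
        if self.limit == 0 or count < self.limit:
            self.active[src_ip] = count + 1
            return True
        # The new connection would exceed the limit: apply the configured action.
        if self.log:
            self.events.append((now, src_ip, self.severity, self.action))
        if self.action == "pass":
            self.active[src_ip] = count + 1
            return True
        if self.action == "period-block":
            self.blocked_until[src_ip] = now + self.period_block
        return False  # "deny" and "period-block" both refuse this connection

    def close_connection(self, src_ip: str) -> None:
        """Release one of src_ip's active connections."""
        count = self.active.get(src_ip, 0)
        if count > 0:
            self.active[src_ip] = count - 1


if __name__ == "__main__":
    policy = TcpConnFloodPolicy(limit=2, action="period-block", log=True)
    for t in (0.0, 1.0, 2.0, 30.0):  # constructed sequence from one source
        print(t, policy.new_connection("203.0.113.5", t))
    print(policy.events)
```

Note that with a Period Block a source that still holds connections at the limit when the window expires is blocked again on its next attempt, so the block only clears once some of its connections have closed.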
