# Fortigate IPS DoS configuration Sample

 

Fortigate $ show ips DoS block_dos
config ips DoS
    edit "block_dos"
            config anomaly
                edit "tcp_syn_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "tcp_port_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "tcp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "tcp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_sweep"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "ip_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "ip_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
            end
    next
end


Fortigate $ sh firewall interface-policy
config firewall interface-policy
    edit 1
        set interface "dmz"
            set srcaddr "all"
            set dstaddr "all"
            set service "ANY"
        set ips-DoS-status enable
        set ips-DoS "block_dos"
    next
end

 


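## Default

For comparison, the default `firewall DoS-policy` listing below uses much higher thresholds than the sample profile (for example 2000 for `tcp_syn_flood`), and its anomaly entries show only a threshold, with no `set status enable` or `set action block`. The sample thresholds should be tuned against observed traffic before use, because `action block` at such low values can drop legitimate connections.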

Fortigate # show firewall DoS-policy
config firewall DoS-policy
    edit 2
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
            config anomaly
                edit "tcp_syn_flood"
                    set threshold 2000
                next
                edit "tcp_port_scan"
                    set threshold 1000
                next
                edit "tcp_src_session"
                    set threshold 5000
                next
                edit "tcp_dst_session"
                    set threshold 5000
                next
                edit "udp_flood"
                    set threshold 2000
                next
                edit "udp_scan"
                    set threshold 2000
                next
                edit "udp_src_session"
                    set threshold 5000
                next
                edit "udp_dst_session"
                    set threshold 5000
                next
                edit "icmp_flood"
                    set threshold 250
                next
                edit "icmp_sweep"
                    set threshold 100
                next
                edit "icmp_src_session"
                    set threshold 300
                next
                edit "icmp_dst_session"
                    set threshold 1000
                next
                edit "ip_src_session"
                    set threshold 5000
                next
                edit "ip_dst_session"
                    set threshold 5000
                next
                edit "sctp_flood"
                    set threshold 2000
                next
                edit "sctp_scan"
                    set threshold 1000
                next
                edit "sctp_src_session"
                    set threshold 5000
                next
                edit "sctp_dst_session"
                    set threshold 5000
                next
            end
    next
end

Fortigate #


# Fortigate IPS DoS configuration Sample

qvrexhqfw2 $ show ips DoS block_dos
config ips DoS
    edit "block_dos"
            config anomaly
                edit "tcp_syn_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_port_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_sweep"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "ip_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "ip_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
            end
    next
end
qvrexhqfw2 $ sh firewall interface-policy
config firewall interface-policy
    edit 1
        set interface "dmz"
            set srcaddr "all"
            set dstaddr "all"
            set service "ANY"
        set ips-DoS-status enable
        set ips-DoS "block_dos"
    next
end



/Safezone/util/wbdiag2000 -> Giga Port
/Safezone/util/wbdiag400 -> 100M Port
/Safezone/util/wbdiag400 0 -> 6543 Port
/Safezone/util/wbdiag400 1 -> 7543 Port


Safezone IPS 장비에 FAN LED가 들어와서 뚜껑을 따 보았다.
FAN LED가 1~5까지가 있는데 중간에 있는 세개의 FAN이 1,2,3번이고 4,5번은 CPU FAN이다.