# FortiGate IPS DoS Configuration Sample
Fortigate $ show ips DoS block_dos
# DoS sensor "block_dos": each of the 14 anomalies below is enabled, logged and
# set to block once its threshold of 100 is exceeded.
# NOTE(review): 100 is far below the default thresholds listed later on this
# page (for example 2000 for tcp_syn_flood and 5000 for the *_session counters),
# so ordinary traffic bursts may be dropped. Baseline the protected hosts before
# enforcing, and raise the values to fit the observed peak.
# NOTE(review): threshold units differ by anomaly type (presumably a packet rate
# for the flood/scan/sweep entries and concurrent sessions for *_session) -
# confirm against the CLI reference for the FortiOS release in use.
config ips DoS
edit "block_dos"
config anomaly
# TCP anomalies
edit "tcp_syn_flood"
set status enable
set log enable
set action block
set threshold 100
next
edit "tcp_port_scan"
set status enable
set log enable
set action block
set threshold 100
next
edit "tcp_src_session"
set status enable
set log enable
set action block
set threshold 100
next
edit "tcp_dst_session"
set status enable
set log enable
set action block
set threshold 100
next
# UDP anomalies
edit "udp_flood"
set status enable
set log enable
set action block
set threshold 100
next
edit "udp_scan"
set status enable
set log enable
set action block
set threshold 100
next
edit "udp_src_session"
set status enable
set log enable
set action block
set threshold 100
next
edit "udp_dst_session"
set status enable
set log enable
set action block
set threshold 100
next
# ICMP anomalies
edit "icmp_flood"
set status enable
set log enable
set action block
set threshold 100
next
edit "icmp_sweep"
set status enable
set log enable
set action block
set threshold 100
next
edit "icmp_src_session"
set status enable
set log enable
set action block
set threshold 100
next
edit "icmp_dst_session"
set status enable
set log enable
set action block
set threshold 100
next
# IP anomalies (ip_src_session / ip_dst_session)
edit "ip_src_session"
set status enable
set log enable
set action block
set threshold 100
next
edit "ip_dst_session"
set status enable
set log enable
set action block
set threshold 100
next
end
next
end
Fortigate $ sh firewall interface-policy
# Interface policy 1: attaches the "block_dos" DoS sensor to the "dmz"
# interface for every source address, destination address and service.
# NOTE(review): only "dmz" is covered in this output; any other interface that
# should get DoS protection needs its own entry.
config firewall interface-policy
edit 1
set interface "dmz"
set srcaddr "all"
set dstaddr "all"
set service "ANY"
# ips-DoS-status switches the DoS check on for this policy; ips-DoS names the sensor to apply.
set ips-DoS-status enable
set ips-DoS "block_dos"
next
end
## Default DoS-policy thresholds
Fortigate # show firewall DoS-policy
# DoS policy 2 on "wan1" for all sources, destinations and services.
# Only thresholds appear in this output: no anomaly carries a "set status",
# "set log" or "set action" line.
# NOTE(review): "show" normally omits settings left at their defaults, so these
# anomalies are presumably not enabled or blocking as shown - check with
# "show full-configuration" before relying on this policy for protection.
# This list also carries four sctp_* anomalies that the "block_dos" sensor
# earlier on the page does not have.
config firewall DoS-policy
edit 2
set interface "wan1"
set srcaddr "all"
set dstaddr "all"
set service "ALL"
config anomaly
# TCP anomalies
edit "tcp_syn_flood"
set threshold 2000
next
edit "tcp_port_scan"
set threshold 1000
next
edit "tcp_src_session"
set threshold 5000
next
edit "tcp_dst_session"
set threshold 5000
next
# UDP anomalies
edit "udp_flood"
set threshold 2000
next
edit "udp_scan"
set threshold 2000
next
edit "udp_src_session"
set threshold 5000
next
edit "udp_dst_session"
set threshold 5000
next
# ICMP anomalies
edit "icmp_flood"
set threshold 250
next
edit "icmp_sweep"
set threshold 100
next
edit "icmp_src_session"
set threshold 300
next
edit "icmp_dst_session"
set threshold 1000
next
# IP anomalies (ip_src_session / ip_dst_session)
edit "ip_src_session"
set threshold 5000
next
edit "ip_dst_session"
set threshold 5000
next
# SCTP anomalies
edit "sctp_flood"
set threshold 2000
next
edit "sctp_scan"
set threshold 1000
next
edit "sctp_src_session"
set threshold 5000
next
edit "sctp_dst_session"
set threshold 5000
next
end
next
end
Fortigate #