# Fortigate IPS DoS configuration Sample

 

Fortigate $ show ips DoS block_dos
config ips DoS
    edit "block_dos"
            config anomaly
                edit "tcp_syn_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "tcp_port_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "tcp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "tcp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_sweep"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "ip_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "ip_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
            end
    next
end


Fortigate $ sh firewall interface-policy
config firewall interface-policy
    edit 1
        set interface "dmz"
            set srcaddr "all"
            set dstaddr "all"
            set service "ANY"
        set ips-DoS-status enable
        set ips-DoS "block_dos"
    next
end

 


## Default

Fortigate # show firewall DoS-policy
config firewall DoS-policy
    edit 2
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
            config anomaly
                edit "tcp_syn_flood"
                    set threshold 2000
                next
                edit "tcp_port_scan"
                    set threshold 1000
                next
                edit "tcp_src_session"
                    set threshold 5000
                next
                edit "tcp_dst_session"
                    set threshold 5000
                next
                edit "udp_flood"
                    set threshold 2000
                next
                edit "udp_scan"
                    set threshold 2000
                next
                edit "udp_src_session"
                    set threshold 5000
                next
                edit "udp_dst_session"
                    set threshold 5000
                next
                edit "icmp_flood"
                    set threshold 250
                next
                edit "icmp_sweep"
                    set threshold 100
                next
                edit "icmp_src_session"
                    set threshold 300
                next
                edit "icmp_dst_session"
                    set threshold 1000
                next
                edit "ip_src_session"
                    set threshold 5000
                next
                edit "ip_dst_session"
                    set threshold 5000
                next
                edit "sctp_flood"
                    set threshold 2000
                next
                edit "sctp_scan"
                    set threshold 1000
                next
                edit "sctp_src_session"
                    set threshold 5000
                next
                edit "sctp_dst_session"
                    set threshold 5000
                next
            end
    next
end

Fortigate #

저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

Spam Blacklist 확인 사이트  (0) 2015.12.28
Fortigate SIP ALG / Fortinet SIP ALG  (0) 2013.03.10
Fortigate IPS DoS configuration Sample  (0) 2013.03.10
Fortigate Port Restricted  (0) 2013.03.10
Resetting a lost Fortigate Admin Password  (1) 2012.11.07
FortiOS 5.0 Enhancement Summary  (0) 2012.10.23

# Fortigate IPS DoS configuration Sample

qvrexhqfw2 $ show ips DoS block_dos
config ips DoS
    edit "block_dos"
            config anomaly
                edit "tcp_syn_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_port_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_sweep"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "ip_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "ip_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
            end
    next
end
qvrexhqfw2 $ sh firewall interface-policy
config firewall interface-policy
    edit 1
        set interface "dmz"
            set srcaddr "all"
            set dstaddr "all"
            set service "ANY"
        set ips-DoS-status enable
        set ips-DoS "block_dos"
    next
end

저작자 표시 비영리 변경 금지
신고


티스토리 툴바