# Fortigate IPS DoS configuration Sample

 

Fortigate $ show ips DoS block_dos
config ips DoS
    edit "block_dos"
            config anomaly
                edit "tcp_syn_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "tcp_port_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "tcp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "tcp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "udp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_sweep"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "icmp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "ip_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
                edit "ip_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 100
                next
            end
    next
end


Fortigate $ sh firewall interface-policy
config firewall interface-policy
    edit 1
        set interface "dmz"
            set srcaddr "all"
            set dstaddr "all"
            set service "ANY"
        set ips-DoS-status enable
        set ips-DoS "block_dos"
    next
end

 


## Default

Fortigate # show firewall DoS-policy
config firewall DoS-policy
    edit 2
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
            config anomaly
                edit "tcp_syn_flood"
                    set threshold 2000
                next
                edit "tcp_port_scan"
                    set threshold 1000
                next
                edit "tcp_src_session"
                    set threshold 5000
                next
                edit "tcp_dst_session"
                    set threshold 5000
                next
                edit "udp_flood"
                    set threshold 2000
                next
                edit "udp_scan"
                    set threshold 2000
                next
                edit "udp_src_session"
                    set threshold 5000
                next
                edit "udp_dst_session"
                    set threshold 5000
                next
                edit "icmp_flood"
                    set threshold 250
                next
                edit "icmp_sweep"
                    set threshold 100
                next
                edit "icmp_src_session"
                    set threshold 300
                next
                edit "icmp_dst_session"
                    set threshold 1000
                next
                edit "ip_src_session"
                    set threshold 5000
                next
                edit "ip_dst_session"
                    set threshold 5000
                next
                edit "sctp_flood"
                    set threshold 2000
                next
                edit "sctp_scan"
                    set threshold 1000
                next
                edit "sctp_src_session"
                    set threshold 5000
                next
                edit "sctp_dst_session"
                    set threshold 5000
                next
            end
    next
end

Fortigate #

저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

Spam Blacklist 확인 사이트  (0) 2015.12.28
Fortigate SIP ALG / Fortinet SIP ALG  (0) 2013.03.10
Fortigate IPS DoS configuration Sample  (0) 2013.03.10
Fortigate Port Restricted  (0) 2013.03.10
Resetting a lost Fortigate Admin Password  (1) 2012.11.07
FortiOS 5.0 Enhancement Summary  (0) 2012.10.23

Fortigate Port Restricted

 

## Dynamic source NAT without changing the source port (one-to-one source NAT)

 

# Problem

Some protocols or services will only function if they use a specific source port, or a source port that does not change. Normally source NAT changes the source port to allow multiple simultaneous sessions.

 

# Solution

You can select the fixed port option to restrict the FortiGate unit to not translate the source port. This results in a one-to-one NAT configuration. One-to-one NAT limits the number of simultaneous sessions that are supported because one variable for tracking sessions (the source port number) is no longer available. To allow more sessions, one-to-one NAT is normally used with multiple external IPs added to an IP pool.

In this example, you enable one-to-one NAT by enabling the fixed port option in a security policy and adding an IP pool containing three IP addresses: 172.20.120.[13-15]. The fixed port option is enabled from the CLI so this entire example is configured from the CLI.

 

1 Enter the following command to add the IP pool:

config firewall ippool

edit Dynamic-Source

set startip 172.20.120.13

set endip 172.20.120.15

end

 

2 Enter the following command to add a security policy that allows users on the private network to access the Internet.

config firewall policy

edit 0

set srcintf internal

set srcaddr all

set dstintf wan1

set dstaddr all

set schedule always

set service ANY

set action accept

set nat enable

set fixedport enable

set ippool enable

set poolname Dynamic-Source

end

 

If you edit this policy from the web‑based manager, you will notice that the Fixed Port option is visible and is selected.

저작자 표시 비영리 변경 금지
신고

Resetting a lost Fortigate Admin Password

If you have lost the admin password for a Fortigate you can reset it if you have physical access to the box.
  • Connect the console cable to the Fortigate and fire up your favorite terminal emulator
  • Reboot the firewall unit.
  • At the console login prompt, type in "maintainer" as the userid.
  • Type in bcpbFGTxxxxxxxxxxxxx as the password. xxxxxxxxxxxxxwill be the S/N of the Fortigate. The serial number is case sensitive so for example you should use FGT60B, not FGT60b.
  • After logging in, change the admin password:
config system admin
edit admin
set password 
next
end

Heads up: You have to type the userid and password within a few seconds of the login prompt first appearing. If you take too much time you should reboot the firewall again.

 

저작자 표시 비영리 변경 금지
신고
  • Favicon of http://sbpaek.tistory.com BlogIcon 괴물™ 2012.12.20 11:44 신고

    포티게이트 Password Recovery 방법입니다.

    1. console 접속하여 장비 리부팅 후 로그인 화면 출력
    2. 로그인시 ID: maintaner, Password: bcpb<장비시리얼번호>
    3. 장비 접속후 접속자 계정 패스워드 변경 후 로그아웃
    4. 재접속

    + 주의사항
    - ID 및 Password가 틀렸을시 포티게이트 리부팅이 필요
    - 로그인시 부팅후 1~2분내로 접속하여하며 그렇지 못했을시 리부팅이 필요

 

 

저작자 표시 비영리 변경 금지
신고

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

저작자 표시 비영리 변경 금지
신고

# Fortigate IPS DoS configuration Sample

qvrexhqfw2 $ show ips DoS block_dos
config ips DoS
    edit "block_dos"
            config anomaly
                edit "tcp_syn_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_port_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_sweep"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "ip_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "ip_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
            end
    next
end
qvrexhqfw2 $ sh firewall interface-policy
config firewall interface-policy
    edit 1
        set interface "dmz"
            set srcaddr "all"
            set dstaddr "all"
            set service "ANY"
        set ips-DoS-status enable
        set ips-DoS "block_dos"
    next
end

저작자 표시 비영리 변경 금지
신고

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

저작자 표시 비영리 변경 금지
신고