7.13.2.3 dos-control firstfrag, 7.13.2.4 dos-control tcpflag – Fortinet 548B User Manual

no - This command sets Minimum TCP Header Size Denial of Service protection to the default value
of disabled.

Default Setting

Disabled, 20

Command Mode

Global Config

7.13.2.3 dos-control firstfrag

This command enables IP First Fragment Denial of Service protection. If the mode is enabled, Denial of
Service prevention is active for this type of attack: ingress packets with an IP First Fragment Offset
equal to one (1) are dropped.

Syntax

dos-control firstfrag
no dos-control firstfrag

no - This command disables IP First Fragment Denial of Service protection.

Default Setting

Disabled

Command Mode

Global Config

7.13.2.4 dos-control tcpflag

This command enables TCP Flag Denial of Service protections. If the mode is enabled, Denial of
Service prevention is active for this type of attack. While the mode is enabled, ingress packets are
dropped if they meet any of the following conditions:

- TCP Flag SYN set and a source port less than 1024
- TCP Control Flags set to 0 and TCP Sequence Number set to 0
- TCP Flags FIN, URG, and PSH set and TCP Sequence Number set to 0
- TCP Flags SYN and FIN both set

Syntax

dos-control tcpflag
no dos-control tcpflag

no - This command disables TCP Flag Denial of Service protections.
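
The following is an added example, not part of the manual or of the switch firmware: a Python classifier that applies the four tcpflag drop conditions, exactly as worded above, to a raw TCP header, so you can check which of your own traffic the mode would match. The function names, rule labels and sample headers are constructed for illustration.

```python
import struct

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20  # TCP control bits

def build_header(src_port, dst_port, seq, flags):
    """Constructed 20-byte TCP header for the samples (not captured traffic)."""
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                       (5 << 12) | flags, 8192, 0, 0)

def tcpflag_matches(tcp_header):
    """Return the labels of the manual's drop conditions that this header meets."""
    if len(tcp_header) < 20:
        raise ValueError("need the 20-byte fixed TCP header")
    src_port, _dst, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp_header[:14])
    flags = off_flags & 0x3F  # URG, ACK, PSH, RST, SYN, FIN
    hits = []
    if flags & SYN and src_port < 1024:
        hits.append("syn-low-source-port")
    if flags == 0 and seq == 0:
        hits.append("no-flags-seq-0")
    # Assumption: "FIN, URG, and PSH set" is read as "these three bits are set";
    # the manual does not say whether the other bits must be clear.
    if (flags & (FIN | URG | PSH)) == (FIN | URG | PSH) and seq == 0:
        hits.append("fin-urg-psh-seq-0")
    if flags & SYN and flags & FIN:
        hits.append("syn-fin")
    return hits

# Constructed sample headers, one per case of interest.
SAMPLES = {
    "client SYN, ephemeral port": build_header(50000, 443, 1000, SYN),
    "SYN from source port 1023": build_header(1023, 443, 1000, SYN),
    "no flags, seq 0": build_header(50000, 80, 0, 0),
    "FIN+URG+PSH, seq 0": build_header(50000, 80, 0, FIN | URG | PSH),
    "SYN+FIN": build_header(50000, 80, 5, SYN | FIN),
    "SYN-ACK from port 443": build_header(443, 50000, 9, SYN | ACK),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name}: {tcpflag_matches(header) or 'pass'}")
```

Read literally, the first condition also matches a SYN-ACK sent from a source port below 1024, as the last sample shows, so review what traffic crosses the switch before enabling the mode.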
