Fortinet 548B User Manual

- 634 -

11.2.3.17 Defining Denial Of Service Page

Selection Criteria

TCP Fragment - Enable or disable this option by selecting the corresponding line on the pulldown
entry field. Enabling TCP Fragment DoS prevention causes the switch to drop packets that have a
TCP header smaller then the configured Min TCP Hdr Size. The factory default is disabled.

ICMP - Enable or disable this option by selecting the corresponding line on the pulldown entry field.
Enabling ICMP DoS prevention causes the switch to drop ICMP packets that have a type set to
ECHO_REQ (ping) and a size greater than the configured ICMP Pkt Size. The factory default is
disabled.

ICMP Fragment - Enable or disable this option by selecting the corresponding line on the pulldown
entry field. Enabling ICMP Fragment DoS prevention causes the switch to drop ICMP Fragmented
packets. The factory default is disabled.

TCP Port - Enable or disable this option by selecting the corresponding line on the pulldown entry
field. Enabling TCP Port DoS prevention causes the switch to drop packets that have TCP source
port equal to TCP destination port. The factory default is disabled.

UDP Port - Enable or disable this option by selecting the corresponding line on the pulldown entry
field. Enabling UDP Port DoS prevention causes the switch to drop packets that have UDP source
port equal to UDP destination port. The factory default is disabled.

SIP=DIP - Enable or disable this option by selecting the corresponding line on the pulldown entry
field. Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP
address equal to the destination IP address. The factory default is disabled.