Configuring syn flood protection – Fortinet Network Device IPS User Manual
Page 54
FortiGate IPS User Guide Version 3.0 MR7
54
01-30007-0080-20080916
Configuring SYN flood protection
SYN flood attacks
Configuring SYN flood protection
To configure the SYN flood protection
1
Go to Intrusion Protection > DoS Sensor.
2
Select Create New.
3
Configure the options for tcp_syn_flood.
4
Select OK.
Figure 18: Configuring the syn_flood anomaly
Suggested settings for different network conditions
The main setting that impacts the efficiency of the pseudo SYN proxy in detecting
SYN floods is the threshold value. The default threshold is 2000. Select an
appropriate value based on network conditions. Normally, if the servers being
protected by the FortiGate unit need to handle heavier requests, such as a busy
web server, the threshold should be set to a higher value. If the network carries
lighter traffic, the threshold should be set to a lower value.