Configuring syn flood protection – Fortinet Network Device IPS User Manual

Page 54

Advertising
background image

FortiGate IPS User Guide Version 3.0 MR7

54

01-30007-0080-20080916

Configuring SYN flood protection

SYN flood attacks

Configuring SYN flood protection

To configure the SYN flood protection

1

Go to Intrusion Protection > DoS Sensor.

2

Select Create New.

3

Configure the options for tcp_syn_flood.

4

Select OK.

Figure 18: Configuring the syn_flood anomaly

Suggested settings for different network conditions

The main setting that impacts the efficiency of the pseudo SYN proxy in detecting
SYN floods is the threshold value. The default threshold is 2000. Select an
appropriate value based on network conditions. Normally, if the servers being
protected by the FortiGate unit need to handle heavier requests, such as a busy
web server, the threshold should be set to a higher value. If the network carries
lighter traffic, the threshold should be set to a lower value.

Advertising
See also other documents in the category Fortinet Hardware: