FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rmetzger
Staff
Staff
Article Id 196059
Description
There are two different modes to configure the DOS sensor behaviour when action is set to "block". This configuration option is a global setting which is applied to all VDOMs, it is found in the global section 'config ips global'.

The default mode is "continuous" which means that when the threshold is reached then all traffic matching the attack is blocked.

The mode "periodical" can be configured which means that once the attack threshold is reached then IPS will still allow packets matching the attack to go through at the threshold based rate.  This calculation is done per second.

config global
config ips global

set anomaly-mode continuous (default setting)
or
set anomaly-mode periodical

end

where:
continuous block packets once attack starts
periodical allows configured number of packets every second

Contributors