Help
FortiDDoS
FortiDDoS protects from both known and zero day attacks with very low latency. It’s easy to deploy and manage, and includes comprehensive reporting and analysis tools.
cbenejean
Staff
Staff

Created on ‎08-07-2015 01:09 AM

Article Id 190668

Technical Note: FortiDDoS - Threshold and most common L4 ports

Description
The thresholds (Inbound and Outbound) for the most commonly used ports such as HTTP, FTP, DNS, etc are not set when applying the Sytem Recommendation settings, even if the traffic statistics during the learning period have detected traffic on these ports. This means that the thresholds for those ports are set to the maximum value of 134217727.

This is to ensure that no false-positive will happen because the threshold on the port has been set too low. This should not at that level that the migration should happen. The attack catch-up will be triggered by others means such as source tracking, anomaly in IP or l4 level, Syn flood mitigation, L3 or L7 thresholds, etc.

Scope
FortiDDoS v4.1 and above.

Solution
Only add value to these thresholds if a specific issue needs to be addressed.

Labels:
452
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.