Help
FortiDDoS
FortiDDoS protects from both known and zero day attacks with very low latency. It’s easy to deploy and manage, and includes comprehensive reporting and analysis tools.
Andy_G
Staff
Staff

Created on ‎08-01-2017 02:29 AM

Article Id 196924

Technical Note: How to configure IP's that should not be dropped or blocked by the FortiDDoS

Description
This article explains how to add IP's on the FortiDDoS that should not be tracked.

Solution
Packets for the IP's added on the "Do not track" Policy are forwarded without inspection. Otherwise, packets are evaluated against sets of built-in rules and user-defined rules.

There are two types of Action:
  • Do not track.   Never drop or block packets to/from these IP addresses; do not include them in the statistics for continuous learning and threshold estimation.
  • Track and Allow.   Never drop or block packets to/from these IP addresses; include them in the statistics for continuous learning and threshold estimation.
To configure with the CLI, use a command sequence similar to the following:
config ddos global {do-not-track-policy | do-not-trackpolicy-v6}

edit <name>
set do-not-track-IP-address <Ip_address_object>
set do-not-track-action {track-and-allow | do-not-track}
end

vkumaresan_FD40602_tn_FD40602-1.jpg
vkumaresan_FD40602_tn_FD40602-2.jpg


To configure with the CLI, use a command sequence similar to the following:
config ddos global local-address
edit
set ip-netmask <address_ipv4netmask>
end

Labels:
638
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.