The meaning of the threshold explains that the ip_src_session DDOS rule samples the number of packets sent by an individual IP address then matches this to a DDOS policy.
The sampling of the IP flows for a particular IP address takes place around every second, so in this sample it means that between sampling when the IP flow was below the threshold (10000) on the previous attempt and then above the threshold (11927) on the next sampling of the number of IP flows therefore triggering a log.
This is related to the number of times this DDOS rule has been triggered, in this sample the count=744 field in the log relates to the ..repeats 744 times"
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.