unknown1020
New Contributor III

DoS policy in FortiGate

Hi, friends.

 

Are the DoS policies created in FortiGate necessary when having HTTPS and HTTP publishing?


I have a SIP publishing policy on the firewall but I'm not sure if I should create DoS policies or not.

 

To avoid blocking problems due to false positives, perhaps, I am configuring a DDoS profile in MONITOR mode, but I have a question: what is the difference between "logging" and "monitor"?

 

I attach an image of my MONITOR profile.

 


 

Could you help me with this query please.

Mrinmoy
Staff

Logging: Enable/disable logging for specific anomalies or all of them. Anomalous traffic will be logged when the action is Block or Monitor.
Monitor: Allow the anomalous traffic, but record a log message if logging is enabled.

Mrinmoy Purkayastha
unknown1020
New Contributor III

So to create a monitor mode profile, would it only be necessary to enable "monitor" or also logging? I'm confused.

I want to create a profile that doesn't take any action, just monitor.

 

dbu

Hi @unknown1020 ,

I believe if you choose Monitor it will not take any action on the traffic, it will only log this traffic for audit purposes. Basically it allows the anomalous traffic, and records a log message if logging is enabled.

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
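
The two settings discussed above, as they appear in the FortiOS CLI (an added example, not part of any post in this thread): the GUI's Monitor action corresponds to `set action pass`, and logging is a separate per-anomaly `set log` switch. Policy ID 1, the interface name `wan2`, the choice of anomalies and the threshold values are assumptions to adapt; the `#` lines are annotations, not commands.

```fortios
# Monitor-only DoS policy on the WAN-facing interface (assumed: wan2, policy ID 1).
config firewall DoS-policy
    edit 1
        set interface "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            # SIP signalling is commonly UDP, so the UDP anomalies are the ones to baseline.
            edit "udp_flood"
                set status enable
                # "Logging" in the GUI: record a log entry when the threshold is crossed.
                set log enable
                # "Monitor" in the GUI: traffic is allowed, nothing is dropped.
                set action pass
                # Assumed starting value; tune it from the baseline you observe.
                set threshold 2000
            next
            edit "udp_src_session"
                set status enable
                set log enable
                set action pass
                set threshold 5000
            next
            edit "udp_dst_session"
                set status enable
                set log enable
                set action pass
                set threshold 5000
            next
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action pass
                set threshold 2000
            next
        end
    next
end
```

With `set action pass` and `set log disable`, an anomaly that crosses its threshold is still allowed but leaves no log entry, so a monitor-only profile needs both settings to be useful for tuning.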
unknown1020
New Contributor III

Thank you.

One question: I only have one service published on my firewall, the "SIP" service. I do not have HTTP or HTTPS services published on the firewall. Are these DDoS policies only created in the firewall for those HTTP/HTTPS publications?

dbu

DoS policies examine the network traffic arriving at a FortiGate interface for anomalous patterns, which usually indicate an attack. On the other hand, the "SIP" service you refer to is, I believe, for traffic going through the firewall.

Regards!
unknown1020
New Contributor III

I have a SIP (Wan to Lan) service publication.

I have seen the KB https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-Denial-of-Service-DoS-protection... where the WAN is selected as the incoming interface.

 

For this reason, I ask whether these DDoS policies are related to WAN-to-LAN publications, directly to the HTTP and HTTPS service?

In my case I only have the SIP service (WAN to LAN), so can I also create those DDoS monitor policies?

dbu

Yes, you are protecting the HTTP/HTTPS service on the interface 'wan2' in your case, if that is the only interface expecting traffic.
That policy will only log traffic if logging is enabled.

Regards!
unknown1020
New Contributor III

I only have the SIP (WAN to LAN) service publication, so it is viable to create the DDoS policy for my SIP publication, correct?
