FortiOS 5.6 Online Help Link FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link

Home > Online Help

> Chapter 9 - Firewall > Firewall Policies > IPv6 DoS Policy

IPv6 DoS Policy

To configure a IPv6 DoS Policy in the GUI

  1. Goto Policy & Objects > IPv6 DoS Policy

The right side window will display a table of the existing IPv6 DoS Policies.

  • To edit an existing policy, double click on the policy you wish to edit
  • To create a new policy, select the Create New icon in the top left side of the right window.
  1. Set the Incoming Interface parameter by using the drop down menu to select a single interface.
  2. Set the Source IPv6 Address parameter by selecting the field with the "+" next to the field label. Single or multiple options can be selected unless the all option is chosen in which case, it will be the only option. For more information on addresses, check the Firewall Objects section called Addresses.
  3. Set the Destination IPv6Address parameter by selecting the field with the "+" next to the field label. Single or multiple options can be selected unless the all option is chosen in which case, it will be the only option.
  4. Set the Services parameter by selecting the field with the "+" next to the field label. Single or multiple options can be selected unless the ALL option is chosen in which case, it will be the only option.For more information on services, check the Firewall Objects section called Services and TCP ports
  5. Set the parameters for the various traffic anomalies.

All of the anomalies that profiles have been created for are in 2 tables. These tables break up the anomaly profiles into L3 Anomalies and L4 Anomalies. All of the anomalies have the following parameters that can be set on a per anomaly or per column basis.

  • Status - enable or disable the indicated profile
  • Logging - enable or disable logging of the indicated profile being triggered
  • Action - whether to Pass or Block traffic when the threshold is reached
  • Threshold - the number of anomalous packets detected before triggering the action.

The listing of anomaly profiles includes:

L3 Anomalies

  • ip_src_session
  • ip_dst_session

L4 Anomalies

  • tcp_syn_flood
  • tcp_port_scan
  • tcp_src_session
  • tcp_dst_session
  • udp_flood
  • udp_scan
  • udp_src_session
  • udp_dst_session
  • icmp_flood
  • icmp_sweep
  • icmp_src_session
  • icmp_dst_session
  • sctp_flood
  • sctp_scan
  1. Toggle whether or not to Enable this policy.The default is enabled.
  2. Select the OK button to save the policy.