Enabling denial of service protection
You can enable basic denial of service (DoS) prevention to combat SYN floods. When enabled, FortiADC uses the SYN cookie method to track half-open connections. The system maintains a DoS mitigation table for each configured IPv4 virtual server. It times out half-open connections so that they do not deplete system resources.
Note: The DoS feature is not supported for IPv6 traffic or for Layer 4 virtual servers with the Direct Routing packet forwarding mode.
Before you begin:
• You must have Read-Write permission for Firewall settings.
To enable denial of service protection:
1. Go to Security > DoS Prevention.
2. Enable the SYN Cookie feature.
3. Specify a maximum number of half open connections.
4. Save the configuration.