Enabling denial of service protection
You can enable basic denial of service (DoS) prevention to combat
SYN floods. When enabled, FortiADC uses the SYN cookie method to track half-open connections. The system maintains a DoS mitigation table for each configured IPv4 virtual server. It times out half-open connections so that they do not deplete system resources.
Note: The DoS feature is supported for traffic to virtual servers only. However, it is not supported for IPv6 traffic or for Layer 4 virtual servers with the Direct Routing packet forwarding mode.
Before you begin:
• You must have Read-Write permission for Firewall settings.
To enable denial of service protection:
1. Go to Security > DoS Prevention.
2. Enable the SYN Cookie feature.
3. Specify a maximum number of half open sockets. The default is 1 (10 connections). The valid range is 1 to 80,000.
4. Save the configuration.