Configuring a Do Not Track policy

Global Settings : Configuring a Do Not Track policy

You can specify IP addresses that FortiDDoS does not restrict or track. Packets matching the Do Not Track policy are forwarded without inspection.

Before you begin:

• You must have configured address objects that you want to match in policy rules. See “Configuring address objects for global ACLs”.

• You must have Read-Write permission for Global Settings.

To configure a Do Not Track policy:

1. Go to Global Settings > Do Not Track Policy > [Do Not Track Policy | Do Not Track Policy IPv6].

2. Click Add to display the configuration editor.

3. Complete the configuration as described in Table 23.

4. Save the configuration.

Table 23: Do Not Track policy configuration
Settings	Guidelines
Name	Configuration name. Must not contain spaces.
IP address	Select an address object.
Do not track action	• Do not track—Never drop or block packets to/from these IP addresses; do not include them in the statistics for continuous learning and threshold estimation. • Track and Allow—Never drop or block packets to/from these IP addresses; include them in the statistics for continuous learning and threshold estimation.


	To configure with the CLI, use a command sequence similar to the following: config ddos global {do-not-track-policy \| do-not-track-policy-v6} edit <do_not_track_name> set do-not-track-IP-address <address_object> set do-not-track-action {track-and-allow \| do-not-track} end