Configuring the SPP switching policy
You can use the SPP switching policy option to enable the FortiDDoS system to switch to the alternate profile when the traffic rate exceeds a packet/second threshold that you specify in the SPP policy configuration.
For example, you can use the SPP switching policy to toggle automatically between a primary profile that handles low levels of traffic and a secondary profile that enforces stringent thresholds. Or you can pair a primary profile that is deployed in Detection Mode with a secondary profile that is deployed in Prevention Mode.
When the system switches to the secondary profile, it monitors and regulates traffic for the subnet using the secondary profile as long as the packet/second rate remains above the switching policy threshold. After traffic has remained steadily below it for a timeout period that you specify, the system switches back to the primary profile.
Before you begin:
• You must have Read-Write permission for Global Settings.
After you have enabled the switching policy feature, you can specify it in an SPP policy.
To configure the switching policy:
1. Go to Global Settings > Service Protection Profiles > Switching Policy.
2. Complete the configuration as described in
Table 13.
3. Save the configuration.
Table 13: SPP switching policy configuration
Settings | Guidelines |
Switching | • Enable • Disable |
Timeout | Toggle back to the primary profile when the throughput rate remains below the packet/second threshold specified in the SPP policy configuration for this many seconds. The default is 255 seconds. |