Basic and Advanced Network Topologies : Tap Mode deployments
 
Tap Mode deployments
FortiDDoS can be deployed out-of-path, listening to mirrored traffic it receives from an in-path Layer 2 bridge or tap device, such as a FortiBridge or a FortiTap device. In an out-of-path deployment, FortiDDoS can build the traffic history it uses to establish thresholds, and it can detect rate anomalies, but it cannot detect TCP state anomalies, and it does not take actions, like dropping traffic, blocking identified source attackers, or aggressively aging connections.
Figure 140 shows a deployment with a tap device. FortiDDoS receives a mirrored copy of inbound traffic from the tap device, but it does not forward it. Likewise, it receives a copy of outbound traffic from the tap device, but it does not forward it.
Figure 140: Deployment with a tap device
The tap device must be deployed and configured to forward traffic along the data path and send mirrored traffic to the FortiDDoS.
Functionally, when you enable FortiDDoS Tap Mode, the appliance turns off the transmit (Tx) component of its network interface cards, which both prevents packets from being forwarded and enables this state to be discovered by the attached Layer 2 bridge or tap device.
Check with your Fortinet sales contact for recommended FortiBridge and FortiTap appliances.
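As an added illustration (not FortiDDoS code and not part of this guide), the following Python model shows the behaviour described above: a sensor fed mirrored traffic builds a history, derives a rate threshold from it and flags rate anomalies, but with tap mode on every verdict is report-only because the transmit path is off. The source addresses, packet counts and the two-times margin are constructed sample values.

```python
# Constructed sample of mirrored inbound traffic as the sensor sees it from
# the tap: one dict per second, {source_ip: packets_in_that_second}.
# Seconds 1-5 are normal background; second 6 carries a flood from
# 203.0.113.9 (a TEST-NET-3 address chosen for this example).
MIRRORED_TRAFFIC = [
    {"198.51.100.1": 40, "198.51.100.2": 35},
    {"198.51.100.1": 42, "198.51.100.2": 30},
    {"198.51.100.1": 38, "198.51.100.2": 33},
    {"198.51.100.1": 45, "198.51.100.2": 31},
    {"198.51.100.1": 41, "198.51.100.2": 36},
    {"198.51.100.1": 39, "203.0.113.9": 900},
]


class TapModeSensor:
    """Out-of-path sensor model. With tap_mode=True it only reports: the
    transmit path is disabled, so nothing can be dropped or blocked."""

    def __init__(self, tap_mode=True, learn_seconds=5, margin=2.0):
        self.tap_mode = tap_mode
        self.learn_seconds = learn_seconds  # length of the learning period
        self.margin = margin                # threshold = learned peak * margin
        self.peaks = []                     # traffic history (per-second peaks)
        self.threshold = None
        self.blocked = set()                # only ever filled when inline

    def observe(self, second_counts):
        """Feed one second of mirrored counts; return rate-anomaly events."""
        if self.threshold is None:
            # Learning phase: collect history, then derive the rate threshold.
            self.peaks.append(max(second_counts.values()))
            if len(self.peaks) == self.learn_seconds:
                self.threshold = max(self.peaks) * self.margin
            return []
        events = []
        for src, pkts in second_counts.items():
            if pkts > self.threshold:
                if self.tap_mode:
                    verdict = "report-only"   # Tx is off: detect, never act
                else:
                    verdict = "drop"          # an inline deployment could act
                    self.blocked.add(src)
                events.append((src, pkts, verdict))
        return events


def run(traffic, tap_mode=True):
    """Replay mirrored traffic through a sensor; return (sensor, events)."""
    sensor = TapModeSensor(tap_mode=tap_mode)
    events = []
    for second in traffic:
        events.extend(sensor.observe(second))
    return sensor, events
```

Running `run(MIRRORED_TRAFFIC)` learns a threshold of 90 packets per second from the first five seconds and reports the flood in second 6 without blocking its source; `run(MIRRORED_TRAFFIC, tap_mode=False)` shows the inline alternative that blocks it.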
Before you begin:
Set up the Layer 2 bridge or tap device.
Learn about Detection Mode, its related required settings, and the expected behavior of its feature set. See “Understanding FortiDDoS Detection Mode”.
Put all SPPs in Detection Mode.
To enable Tap Mode:
1. Go to Global Settings > Settings.
2. Enable Tap Mode.
3. Save the configuration.
 
config ddos global setting
set tap-mode {enable|disable}
end