For true transparent mode, use the syncookie and half-open-threshold options of server policy instead. See “server-policy policy”. |
Variable | Description | Default |
syncookie {enable | disable} | Enable to detect TCP SYN flood attacks. | disable |
half-open-threshold <syn‑rate_int> | Type the maximum number of TCP SYN packets, including retransmission, that may be sent per second to a destination address. If this threshold is exceeded, the FortiWeb appliance treats the traffic as a DoS attack and ignores additional traffic from that source address. The valid range is from 10 to 10,000 packets. | 100 |
severity {High | Medium | Low} | Select the severity level to use in logs and reports generated when a violation of the policy occurs. | High |
trigger <trigger-policy_name> | Type the name of the trigger to apply when this policy is violated (see “config log trigger-policy”). The maximum length is 35 characters. To display the list of existing trigger policies, type: set trigger ? | No default. |