system dos-prevention
Use this command to configure protection from TCP SYN flood-style denial of service (DoS) attacks. Once you configure DoS protection, the FortiWeb appliance automatically applies it to connections matching any server policy.
 
For true transparent mode, use the syncookie and half-open-threshold options of server policy instead. See “server-policy policy”.
To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For more information, see “Permissions”.
Syntax
config system dos-prevention
  set syncookie {enable | disable}
  set half-open-threshold <syn‑rate_int>
  set severity {High | Medium | Low}
  set trigger <trigger-policy_name>
end
Variable: syncookie {enable | disable}
Description: Enable to detect TCP SYN flood attacks.
Default: disable

Variable: half-open-threshold <syn‑rate_int>
Description: Type the maximum number of TCP SYN packets, including retransmission, that may be sent per second to a destination address. If this threshold is exceeded, the FortiWeb appliance treats the traffic as a DoS attack and ignores additional traffic from that source address. The valid range is from 10 to 10,000 packets.
Default: 100

Variable: severity {High | Medium | Low}
Description: Select the severity level to use in logs and reports generated when a violation of the policy occurs.
Default: High

Variable: trigger <trigger-policy_name>
Description: Type the name of the trigger to apply when this policy is violated (see “config log trigger-policy”). The maximum length is 35 characters. To display the list of existing trigger policies, type:
  set trigger ?
Default: No default.
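The following is an added example, not part of the FortiWeb documentation: a Python check that reads a configuration backup fragment and flags dos-prevention settings that are disabled, outside the documented range, or missing a trigger. The sample fragments, the trigger name notify-soc, and the assumptions that a backup may quote values and that enumerated values are spelled exactly as documented are constructed for illustration.

```python
import re

# Allowed values and defaults as documented on this page.
ENUMS = {"syncookie": {"enable", "disable"}, "severity": {"High", "Medium", "Low"}}
DEFAULTS = {"syncookie": "disable", "half-open-threshold": "100", "severity": "High"}

def parse_block(text):
    """Return the 'set' values of the dos-prevention block, or None if it is absent."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config system dos-prevention":
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            # Assumption: values may appear bare or wrapped in double quotes.
            m = re.fullmatch(r'set\s+(\S+)\s+"?([^"]*)"?', line)
            if m:
                settings[m.group(1)] = m.group(2)
    return settings if inside else None

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    block = parse_block(text)
    if block is None:
        return ["block absent: documented defaults apply, so syncookie is disable"]
    cfg = {**DEFAULTS, **block}  # unset options fall back to documented defaults
    findings = [f"{k}: '{cfg[k]}' is not one of {sorted(v)}"
                for k, v in ENUMS.items() if cfg[k] not in v]
    if cfg["syncookie"] == "disable":
        findings.append("syncookie: disabled, SYN flood detection is off")
    rate = cfg["half-open-threshold"]
    if not (rate.isdecimal() and 10 <= int(rate) <= 10000):
        findings.append(f"half-open-threshold: '{rate}' is outside 10-10000")
    trigger = cfg.get("trigger", "")
    if not trigger:
        findings.append("trigger: none set, no trigger policy applies on violation")
    elif len(trigger) > 35:
        findings.append("trigger: name exceeds 35 characters")
    return findings

# Constructed sample fragments (not taken from a real appliance).
WEAK = "config system dos-prevention\n  set half-open-threshold 50000\nend"
HARDENED = ("config system dos-prevention\n  set syncookie enable\n"
            "  set half-open-threshold 100\n  set severity High\n"
            '  set trigger "notify-soc"\nend')

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```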
Related topics
config waf application-layer-dos-prevention
config log trigger-policy