Workflow
While server policies are the “heart” of your security enforcement on FortiWeb, their individual settings are specified in rules and exceptions, which are grouped into sets and selected in a profile before being applied to the server policy. Often you will not be able to complete the configuration of an item until you have configured its chain of prerequisites. For that reason, you may want to start with the most granular settings first.
For example, when configuring DoS protection, configuration must occur in this order:
1. Configure anti-DoS settings for each type:
   • TCP connection floods (“Limiting TCP connections per IP address”)
   • TCP SYN floods (“Preventing a TCP SYN flood”)
   • HTTP floods (“Preventing an HTTP request flood”)
   • HTTP access limits (“Limiting the total HTTP request rate from an IP”)
   • Malicious IPs (TCP connection floods detected by session cookie instead of source IP address, which could be shared by multiple clients; “Limiting TCP connections per IP address by session cookie”)
2. Group the settings together into a comprehensive anti-DoS policy (“Grouping DoS protection rules”).
3. Select the anti-DoS policy in a protection profile, and enable Session Management (“Configuring a protection profile for inline topologies”).
4. Select the protection profile in a server policy (“Configuring a server policy”).
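The prerequisite chain above can be checked before deployment. The following is an added example, not Fortinet code: it uses a hypothetical object model (the kind names, object names and the `session_management` flag are assumptions, not FortiWeb CLI syntax) over a constructed sample configuration, and reports broken links in the chain, rules that are configured but never reach a server policy, and the order in which objects must be created.

```python
from graphlib import TopologicalSorter  # Python 3.9+

# Hypothetical object model for illustration; these are not FortiWeb CLI names.
# What each kind of object may select, following the four steps above.
MAY_SELECT = {"dos_rule": set(), "dos_policy": {"dos_rule"},
              "protection_profile": {"dos_policy"},
              "server_policy": {"protection_profile"}}

# Constructed sample configuration: name -> kind, selected objects, options.
SAMPLE = {
    "tcp-conn-limit": {"kind": "dos_rule", "refs": []},
    "http-flood": {"kind": "dos_rule", "refs": []},
    "http-access-limit": {"kind": "dos_rule", "refs": []},  # never grouped
    "web-dos": {"kind": "dos_policy", "refs": ["tcp-conn-limit", "http-flood"]},
    "inline-1": {"kind": "protection_profile", "refs": ["web-dos"],
                 "session_management": False},
    "www": {"kind": "server_policy", "refs": ["inline-1"]},
}

def audit(config):
    """Return problems that would leave the anti-DoS chain incomplete."""
    problems = []
    for name, obj in config.items():
        for ref in obj["refs"]:
            target = config.get(ref)
            if target is None:
                problems.append(f"{name}: selects missing object {ref}")
            elif target["kind"] not in MAY_SELECT[obj["kind"]]:
                problems.append(f"{name}: cannot select {target['kind']} {ref}")
            elif target["kind"] == "dos_policy" and not obj.get("session_management"):
                problems.append(f"{name}: Session Management is not enabled")
    return problems

def unenforced(config):
    """Objects not reachable from any server policy, so never applied."""
    reached = set()
    stack = [n for n, o in config.items() if o["kind"] == "server_policy"]
    while stack:
        name = stack.pop()
        if name in config and name not in reached:
            reached.add(name)
            stack.extend(config[name]["refs"])
    return sorted(set(config) - reached)

def creation_order(config):
    """Prerequisites first: the order in which objects must be configured."""
    graph = {n: [r for r in o["refs"] if r in config] for n, o in config.items()}
    return list(TopologicalSorter(graph).static_order())

if __name__ == "__main__":
    print(audit(SAMPLE), unenforced(SAMPLE), creation_order(SAMPLE))
```

On the sample, the audit flags the profile that selects an anti-DoS policy without Session Management, and the unreferenced access-limit rule shows up as configured but not enforced.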