Chapter 7. Security

7.1 DDoS Prevention

Learning Objectives

  • Configure a DDoS prevention profile
Scenario: In this lab, we are going to configure DDoS Prevention on traffic from Port1 to Port2. In Kali, we will install a script that generates DoS traffic, and on the firewall we will create a DDoS Prevention policy that blocks that traffic.
Figure 7.1: Main scenario
Table 7.1: Devices configuration

Device           IP address                                                       Access
Kali1            DHCP Client
FortiGate        Port 1: DHCP Client                                              ICMP-HTTP-HTTPS
                 Port 2: 192.168.0.1/24, DHCP Server (192.168.0.10-192.168.0.20)
Web Term1 (FMC)  192.168.0.2/24
Web Term2        DHCP Client
  1. FortiGate CLI Configuration for port2.
    FGVM01TM19008000 # config system interface
    FGVM01TM19008000 (interface) # edit port2
    FGVM01TM19008000 (port2) # set ip 192.168.0.1/24
    FGVM01TM19008000 (port2) # set allowaccess http https ping
    FGVM01TM19008000 (port2) # end
  2. Go to Kali, download the pentmenu repository, and run DOS > UDP FLOOD > enter the port1 IP address > port 443.
    Figure 7.2: Download and execute pentmenu script
    Figure 7.3: Running UDP Flood
  3. Go to Policy & Object > IPV4 DOS Policy:
    • Name: DOS
    • Incoming Interface: Port1
    • Source, Destination, Service: all
    • L3 Anomalies: Status and Logging: Enable, Action Block
    • L4 Anomalies: Status and Logging: Enable, Action Block
    Figure 7.4: IPv4 DoS Policy
    Figure 7.5: IPv4 DoS Policy Settings
  4. Now, start the attack again and go to Log & Report > Anomaly.
    Figure 7.6: View anomaly report

    Go to Dashboard > Security > Top Threats and verify your result.

  5. Go to the FortiGate CLI and configure a DoS policy for icmp_flood as follows:

    FGVM01TM19008000 # config firewall DoS-policy
    FGVM01TM19008000 (DoS-policy) # edit 2
    FGVM01TM19008000 (2) # set interface "port1"
    FGVM01TM19008000 (2) # set srcaddr "all"
    FGVM01TM19008000 (2) # set dstaddr "all"
    FGVM01TM19008000 (2) # set service "ALL"
    FGVM01TM19008000 (2) # config anomaly
    FGVM01TM19008000 (anomaly) # edit "icmp_flood"
    FGVM01TM19008000 (icmp_flood) # set status enable
    FGVM01TM19008000 (icmp_flood) # set log enable
    FGVM01TM19008000 (icmp_flood) # set quarantine attacker
    FGVM01TM19008000 (icmp_flood) # set quarantine-expiry 2m
    FGVM01TM19008000 (icmp_flood) # set quarantine-log disable
    FGVM01TM19008000 (icmp_flood) # set threshold 10
    FGVM01TM19008000 (icmp_flood) # next
    FGVM01TM19008000 (anomaly) # end
    FGVM01TM19008000 (2) # end

  6. Go to Kali and run the following command. The first 10 packets are allowed, and the 11th packet exceeds the threshold and triggers the block shown below.

    root@ubuntu:~# ping -c 2000 -i 0.01 Port1-IP-Address
    Figure 7.8: Verify DOS prevention
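To make the threshold and quarantine behaviour of steps 5 and 6 concrete, here is an added Python model (not FortiOS code and not part of the lab) that replays the step 6 ping through a simplified icmp_flood check with threshold 10 and a 2-minute attacker quarantine. The packet fields, the per-destination per-second counting and the verdict names are assumptions of this model, not FortiOS internals.

```python
"""Constructed model of a rate-based anomaly check with attacker quarantine.
It mirrors the observable behaviour of the lab's icmp_flood policy
(threshold 10 packets/second, quarantine attacker, expiry 2m); it is NOT
the FortiOS implementation."""
from dataclasses import dataclass, field


@dataclass
class Packet:
    ts: float      # seconds since the start of the capture (constructed)
    src: str
    dst: str
    proto: str


@dataclass
class IcmpFloodPolicy:
    threshold: int = 10                # from 'set threshold 10' (packets/second)
    quarantine_expiry: float = 120.0   # from 'set quarantine-expiry 2m', in seconds
    counts: dict = field(default_factory=dict)       # (dst, second) -> ICMP packets seen
    quarantined: dict = field(default_factory=dict)  # src -> time the ban is lifted
    log: list = field(default_factory=list)          # anomaly log entries ('set log enable')

    def inspect(self, pkt: Packet) -> str:
        """Return 'pass', 'block' or 'quarantined' for one packet."""
        release = self.quarantined.get(pkt.src)
        if release is not None:
            if pkt.ts < release:
                return "quarantined"        # attacker still banned: dropped, not re-logged
            del self.quarantined[pkt.src]   # ban expired after quarantine-expiry
        if pkt.proto != "icmp":
            return "pass"                   # only ICMP counts toward icmp_flood
        key = (pkt.dst, int(pkt.ts))
        self.counts[key] = self.counts.get(key, 0) + 1
        if self.counts[key] > self.threshold:
            # anomaly: log it and quarantine the source ('set quarantine attacker')
            self.log.append(f"anomaly=icmp_flood src={pkt.src} dst={pkt.dst} t={pkt.ts:.2f}")
            self.quarantined[pkt.src] = pkt.ts + self.quarantine_expiry
            return "block"
        return "pass"


def run_ping_flood(count=2000, interval=0.01, src="kali1", dst="port1"):
    """Replay 'ping -c 2000 -i 0.01' (constructed timestamps) and return the verdicts."""
    policy = IcmpFloodPolicy()
    verdicts = [policy.inspect(Packet(i * interval, src, dst, "icmp")) for i in range(count)]
    return verdicts, policy
```

Running `run_ping_flood()` yields 10 passes, one block with a single log entry, and every later packet dropped as quarantined until two minutes have elapsed.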

License


FortiGate Firewall Copyright © 2023 by Hamid Talebi is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.
