{"id":217,"date":"2022-04-06T00:36:03","date_gmt":"2022-04-06T04:36:03","guid":{"rendered":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/chapter\/ddos-prevention\/"},"modified":"2025-12-11T15:07:20","modified_gmt":"2025-12-11T20:07:20","slug":"ddos-prevention","status":"publish","type":"chapter","link":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/chapter\/ddos-prevention\/","title":{"raw":"7.1 DDoS Prevention","rendered":"7.1 DDoS Prevention"},"content":{"raw":"<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\r\n<p class=\"textbox__title\">Learning Objectives<\/p>\r\n\r\n<\/header>\r\n<div class=\"textbox__content\">\r\n<ul>\r\n \t<li>Configure a DDoS prevention profile<\/li>\r\n<\/ul>\r\n<\/div>\r\n<\/div>\r\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to configure DDoS prevention for traffic from Port1 to Port2. In Kali, we are going to install a script that runs a DoS attack, and on the firewall we will set a DDoS prevention policy to block the DoS traffic.<\/div>\r\n\r\n[caption id=\"attachment_214\" align=\"aligncenter\" width=\"1207\"]<img class=\"wp-image-209 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/04\/1.jpg\" alt=\"DDoS Prevention main scenario\" width=\"1207\" height=\"504\" \/> Figure 7.1: Main scenario[\/caption]\r\n\r\n<div align=\"left\">\r\n<table class=\"aligncenter\" style=\"width: 100%\"><caption>Table 7.1: Devices configuration<\/caption>\r\n<tbody>\r\n<tr style=\"height: 35px\">\r\n<th style=\"height: 35px;width: 118.114px\" scope=\"col\">Device<\/th>\r\n<th style=\"height: 35px;width: 474.42px\" scope=\"col\">IP address<\/th>\r\n<th style=\"height: 35px;width: 114.125px\" scope=\"col\">Access<\/th>\r\n<\/tr>\r\n<tr style=\"height: 35px\">\r\n<td style=\"height: 35px;width: 118.114px\">Kali<span style=\"background-color: #ffff00\">(2019\/2021)<\/span><\/td>\r\n<td style=\"height: 35px;width: 
474.42px\">DHCP Client<\/td>\r\n<td style=\"height: 35px;width: 114.125px\">-<\/td>\r\n<\/tr>\r\n<tr style=\"height: 89px\">\r\n<td style=\"height: 89px;width: 118.114px\">FortiGate<\/td>\r\n<td style=\"height: 89px;width: 474.42px\">Port 1: DHCP Client\r\n\r\nPort 2: 192.168.0.1\/24, DHCP Server (192.168.0.10-192.168.0.20)<\/td>\r\n<td style=\"height: 89px;width: 114.125px\">ICMP-HTTP-HTTPS<\/td>\r\n<\/tr>\r\n<tr style=\"height: 35px\">\r\n<td style=\"height: 35px;width: 118.114px\">Web Term1(FMC)<\/td>\r\n<td style=\"height: 35px;width: 474.42px\">192.168.0.2\/24<\/td>\r\n<td style=\"height: 35px;width: 114.125px\">-<\/td>\r\n<\/tr>\r\n<tr style=\"height: 35px\">\r\n<td style=\"height: 35px;width: 118.114px\">Web Term2<\/td>\r\n<td style=\"height: 35px;width: 474.42px\">DHCP Client<\/td>\r\n<td style=\"height: 35px;width: 114.125px\">-<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n<\/div>\r\n<ol>\r\n \t<li>FortiGate CLI Configuration for port2.\r\n<div class=\"textbox shaded\"><em>FGVM01TM19008000 # config system interface<\/em>\r\n<em>FGVM01TM19008000 (interface) # edit port2<\/em>\r\n<em>FGVM01TM19008000 (port2) # set ip 192.168.0.1\/24<\/em>\r\n<em>FGVM01TM19008000 (port2) # set allowaccess http https ping<\/em>\r\n<em>FGVM01TM19008000 (port2) # end<\/em><\/div><\/li>\r\n \t<li>Go to Kali and Download the <a href=\"https:\/\/github.com\/GinjaChris\/pentmenu\">pentmenu repository<\/a> and run <strong>DOS<\/strong> &gt; <strong>UDP FLOOD<\/strong> &gt; <strong>Enter port1 IP address<\/strong> &gt; <strong>Port 443<\/strong>.\r\n\r\n[caption id=\"attachment_214\" align=\"aligncenter\" width=\"1053\"]<img class=\"wp-image-457 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/2-5.jpg\" alt=\"Download and execute pentmenu script\" width=\"1053\" height=\"614\" \/> Figure 7.2: Download and execute pentmenu script[\/caption]\r\n\r\n[caption id=\"attachment_458\" align=\"aligncenter\" width=\"600\"]<img 
class=\"wp-image-458\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/3-4.jpg\" alt=\"Running UDP Flood\" width=\"600\" height=\"416\" \/> Figure 7.3: Running UDP Flood[\/caption]<\/li>\r\n \t<li>Go to <strong>Policy &amp; Object<\/strong> &gt; <strong>IPV4 DOS Policy<\/strong>:\r\n<ul>\r\n \t<li>Name: <strong>DOS<\/strong><\/li>\r\n \t<li>Incoming Interface: <strong>Port1<\/strong><\/li>\r\n \t<li>Source, Destination, Service: <strong>all<\/strong><\/li>\r\n \t<li><span style=\"background-color: #ffff00\">Enable logging<\/span><\/li>\r\n \t<li>L3 Anomalies: Status and Logging: <strong>Enable, Action Block<\/strong><\/li>\r\n \t<li>L4 Anomalies: Status and Logging: <strong>Enable, Action Block<\/strong><\/li>\r\n<\/ul>\r\n[caption id=\"attachment_214\" align=\"aligncenter\" width=\"1227\"]<img class=\"wp-image-459 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/4-5.jpg\" alt=\"IPv4 DoS Policy\" width=\"1227\" height=\"624\" \/> Figure 7.4: IPv4 DoS Policy[\/caption]\r\n\r\n[caption id=\"attachment_213\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-213\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/5.jpg\" alt=\"IPv4 DOS Policy Settings\" width=\"500\" height=\"338\" \/> Figure 7.5: IPv4 DOS Policy Settings[\/caption]<\/li>\r\n \t<li>Now, start the attack again and go to <strong>Log &amp; Report<\/strong> &gt; <strong>Anomaly<\/strong>.\r\n\r\n[caption id=\"attachment_214\" align=\"alignnone\" width=\"1265\"]<img class=\"wp-image-214 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6.jpg\" alt=\"\" width=\"1265\" height=\"674\" \/> Figure 7.6: View anomaly report[\/caption]\r\n\r\nGo to <strong>Dashboard<\/strong> &gt; <strong>Security<\/strong> &gt; <strong>Top Threats<\/strong> and verify your result.\r\n\r\n<img class=\"alignnone 
size-full wp-image-1093\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/11111-1.png\" alt=\"\" width=\"1012\" height=\"733\" \/><\/li>\r\n \t<li>Go to FortiGate CLI and configure DOS Policy for ICMP_flood as follows:\r\n<div class=\"textbox shaded\" style=\"padding-left: 40px\">\r\n\r\n<em>FGVM01TM19008000 # config firewall DoS-policy<\/em>\r\n<em>FGVM01TM19008000 (DoS-policy) # edit 2<\/em>\r\n<em>FGVM01TM19008000 (2) # set interface \"port1\"<\/em>\r\n<em>FGVM01TM19008000 (2) # set srcaddr \"all\"<\/em>\r\n<em>FGVM01TM19008000 (2) # set dstaddr \"all\"<\/em>\r\n<em>FGVM01TM19008000 (2) # set service \"ALL\"<\/em>\r\n<em>FGVM01TM19008000 (2) # config anomaly<\/em>\r\n<em>FGVM01TM19008000 (anomaly) # edit \"icmp_flood\"<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set status enable<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set log enable<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine attacker<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine-expiry 2m<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine-log disable<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set threshold 10<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # next<\/em>\r\n<em>FGVM01TM19008000 (anomaly) # end<\/em>\r\n<em>FGVM01TM19008000 (2) # end<\/em>\r\n\r\n<\/div><\/li>\r\n \t<li>Go to Kali and run this command.\u00a0 <span style=\"background-color: #ffff00\">root@ubuntu:~# ping <strong>-c<\/strong> 2000 <strong>-i<\/strong> 0.01\u00a0 <em><strong>Port1-IP-Address<\/strong><\/em>.<\/span><\/li>\r\n \t<li><span style=\"background-color: #ffff00\">The first 10 packets were permitted, but the 11th packet exceeded the limit and triggered a block event. In this configuration, the FortiGate firewall applies a DoS protection policy on the internal interface to detect and mitigate ICMP flood attacks. 
The policy monitors all source and destination IP addresses across all services while using anomaly-based detection tailored specifically for ICMP traffic. Once the threshold of 10 packets is surpassed, the firewall automatically blocks further traffic, logs the incident, and quarantines the offending IP address for two minutes. This configuration strengthens the internal network\u2019s security posture by proactively identifying and preventing potential denial-of-service attempts caused by unusual spikes in ICMP activity.<\/span><\/li>\r\n \t<li>\r\n\r\n[caption id=\"attachment_214\" align=\"alignnone\" width=\"806\"]<img class=\"wp-image-464 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/8-4.jpg\" alt=\"Verify DOS prevention\" width=\"806\" height=\"345\" \/> Figure 7.8: Verify DOS prevention[\/caption]<\/li>\r\n<\/ol>","rendered":"<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n<li>Configure a DDoS prevention profile<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to configure DDoS prevention for traffic from Port1 to Port2. 
In Kali, we are going to install a script that runs a DoS attack, and on the firewall we will set a DDoS prevention policy to block the DoS traffic.<\/div>\n<figure id=\"attachment_214\" aria-describedby=\"caption-attachment-214\" style=\"width: 1207px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-209 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/04\/1.jpg\" alt=\"DDoS Prevention main scenario\" width=\"1207\" height=\"504\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1.jpg 1207w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-300x125.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-1024x428.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-768x321.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-65x27.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-225x94.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-350x146.jpg 350w\" sizes=\"auto, (max-width: 1207px) 100vw, 1207px\" \/><figcaption id=\"caption-attachment-214\" class=\"wp-caption-text\">Figure 7.1: Main scenario<\/figcaption><\/figure>\n<div style=\"text-align: left;\">\n<table class=\"aligncenter\" style=\"width: 100%\">\n<caption>Table 7.1: Devices configuration<\/caption>\n<tbody>\n<tr style=\"height: 35px\">\n<th style=\"height: 35px;width: 118.114px\" scope=\"col\">Device<\/th>\n<th style=\"height: 35px;width: 474.42px\" scope=\"col\">IP address<\/th>\n<th style=\"height: 35px;width: 114.125px\" scope=\"col\">Access<\/th>\n<\/tr>\n<tr style=\"height: 35px\">\n<td style=\"height: 35px;width: 
118.114px\">Kali<span style=\"background-color: #ffff00\">(2019\/2021)<\/span><\/td>\n<td style=\"height: 35px;width: 474.42px\">DHCP Client<\/td>\n<td style=\"height: 35px;width: 114.125px\">&#8211;<\/td>\n<\/tr>\n<tr style=\"height: 89px\">\n<td style=\"height: 89px;width: 118.114px\">FortiGate<\/td>\n<td style=\"height: 89px;width: 474.42px\">Port 1: DHCP Client<\/p>\n<p>Port 2: 192.168.0.1\/24, DHCP Server (192.168.0.10-192.168.0.20)<\/td>\n<td style=\"height: 89px;width: 114.125px\">ICMP-HTTP-HTTPS<\/td>\n<\/tr>\n<tr style=\"height: 35px\">\n<td style=\"height: 35px;width: 118.114px\">Web Term1(FMC)<\/td>\n<td style=\"height: 35px;width: 474.42px\">192.168.0.2\/24<\/td>\n<td style=\"height: 35px;width: 114.125px\">&#8211;<\/td>\n<\/tr>\n<tr style=\"height: 35px\">\n<td style=\"height: 35px;width: 118.114px\">Web Term2<\/td>\n<td style=\"height: 35px;width: 474.42px\">DHCP Client<\/td>\n<td style=\"height: 35px;width: 114.125px\">&#8211;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<ol>\n<li>FortiGate CLI Configuration for port2.\n<div class=\"textbox shaded\"><em>FGVM01TM19008000 # config system interface<\/em><br \/>\n<em>FGVM01TM19008000 (interface) # edit port2<\/em><br \/>\n<em>FGVM01TM19008000 (port2) # set ip 192.168.0.1\/24<\/em><br \/>\n<em>FGVM01TM19008000 (port2) # set allowaccess http https ping<\/em><br \/>\n<em>FGVM01TM19008000 (port2) # end<\/em><\/div>\n<\/li>\n<li>Go to Kali and Download the <a href=\"https:\/\/github.com\/GinjaChris\/pentmenu\">pentmenu repository<\/a> and run <strong>DOS<\/strong> &gt; <strong>UDP FLOOD<\/strong> &gt; <strong>Enter port1 IP address<\/strong> &gt; <strong>Port 443<\/strong>.<br \/>\n<figure id=\"attachment_214\" aria-describedby=\"caption-attachment-214\" style=\"width: 1053px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-457 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/2-5.jpg\" alt=\"Download and 
execute pentmenu script\" width=\"1053\" height=\"614\" \/><figcaption id=\"caption-attachment-214\" class=\"wp-caption-text\">Figure 7.2: Download and execute pentmenu script<\/figcaption><\/figure>\n<figure id=\"attachment_458\" aria-describedby=\"caption-attachment-458\" style=\"width: 600px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-458\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/3-4.jpg\" alt=\"Running UDP Flood\" width=\"600\" height=\"416\" \/><figcaption id=\"caption-attachment-458\" class=\"wp-caption-text\">Figure 7.3: Running UDP Flood<\/figcaption><\/figure>\n<\/li>\n<li>Go to <strong>Policy &amp; Object<\/strong> &gt; <strong>IPV4 DOS Policy<\/strong>:\n<ul>\n<li>Name: <strong>DOS<\/strong><\/li>\n<li>Incoming Interface: <strong>Port1<\/strong><\/li>\n<li>Source, Destination, Service: <strong>all<\/strong><\/li>\n<li><span style=\"background-color: #ffff00\">Enable logging<\/span><\/li>\n<li>L3 Anomalies: Status and Logging: <strong>Enable, Action Block<\/strong><\/li>\n<li>L4 Anomalies: Status and Logging: <strong>Enable, Action Block<\/strong><\/li>\n<\/ul>\n<figure id=\"attachment_214\" aria-describedby=\"caption-attachment-214\" style=\"width: 1227px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-459 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/4-5.jpg\" alt=\"IPv4 DoS Policy\" width=\"1227\" height=\"624\" \/><figcaption id=\"caption-attachment-214\" class=\"wp-caption-text\">Figure 7.4: IPv4 DoS Policy<\/figcaption><\/figure>\n<figure id=\"attachment_213\" aria-describedby=\"caption-attachment-213\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-213\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/5.jpg\" alt=\"IPv4 DOS Policy 
Settings\" width=\"500\" height=\"338\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5.jpg 891w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-300x203.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-768x519.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-65x44.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-225x152.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-350x236.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-213\" class=\"wp-caption-text\">Figure 7.5: IPv4 DOS Policy Settings<\/figcaption><\/figure>\n<\/li>\n<li>Now, start the attack again and go to <strong>Log &amp; Report<\/strong> &gt; <strong>Anomaly<\/strong>.<br \/>\n<figure id=\"attachment_214\" aria-describedby=\"caption-attachment-214\" style=\"width: 1265px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-214 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6.jpg\" alt=\"\" width=\"1265\" height=\"674\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6.jpg 1265w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-300x160.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-1024x546.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-768x409.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-65x35.jpg 65w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-225x120.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-350x186.jpg 350w\" sizes=\"auto, (max-width: 1265px) 100vw, 1265px\" \/><figcaption id=\"caption-attachment-214\" class=\"wp-caption-text\">Figure 7.6: View anomaly report<\/figcaption><\/figure>\n<p>Go to <strong>Dashboard<\/strong> &gt; <strong>Security<\/strong> &gt; <strong>Top Threats<\/strong> and verify your result.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1093\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/11111-1.png\" alt=\"\" width=\"1012\" height=\"733\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/11111-1.png 1012w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/11111-1-300x217.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/11111-1-768x556.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/11111-1-65x47.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/11111-1-225x163.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/11111-1-350x254.png 350w\" sizes=\"auto, (max-width: 1012px) 100vw, 1012px\" \/><\/li>\n<li>Go to FortiGate CLI and configure DOS Policy for ICMP_flood as follows:\n<div class=\"textbox shaded\" style=\"padding-left: 40px\">\n<p><em>FGVM01TM19008000 # config firewall DoS-policy<\/em><br \/>\n<em>FGVM01TM19008000 (DoS-policy) # edit 2<\/em><br \/>\n<em>FGVM01TM19008000 (2) # set interface &#8220;port1&#8221;<\/em><br \/>\n<em>FGVM01TM19008000 (2) # set srcaddr &#8220;all&#8221;<\/em><br 
\/>\n<em>FGVM01TM19008000 (2) # set dstaddr &#8220;all&#8221;<\/em><br \/>\n<em>FGVM01TM19008000 (2) # set service &#8220;ALL&#8221;<\/em><br \/>\n<em>FGVM01TM19008000 (2) # config anomaly<\/em><br \/>\n<em>FGVM01TM19008000 (anomaly) # edit &#8220;icmp_flood&#8221;<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set status enable<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set log enable<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine attacker<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine-expiry 2m<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine-log disable<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set threshold 10<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # next<\/em><br \/>\n<em>FGVM01TM19008000 (anomaly) # end<\/em><br \/>\n<em>FGVM01TM19008000 (2) # end<\/em><\/p>\n<\/div>\n<\/li>\n<li>Go to Kali and run this command.\u00a0 <span style=\"background-color: #ffff00\">root@ubuntu:~# ping <strong>-c<\/strong> 2000 <strong>-i<\/strong> 0.01\u00a0 <em><strong>Port1-IP-Address<\/strong><\/em>.<\/span><\/li>\n<li><span style=\"background-color: #ffff00\">The first 10 packets were permitted, but the 11th packet exceeded the limit and triggered a block event. In this configuration, the FortiGate firewall applies a DoS protection policy on the internal interface to detect and mitigate ICMP flood attacks. The policy monitors all source and destination IP addresses across all services while using anomaly-based detection tailored specifically for ICMP traffic. Once the threshold of 10 packets is surpassed, the firewall automatically blocks further traffic, logs the incident, and quarantines the offending IP address for two minutes. 
This configuration strengthens the internal network\u2019s security posture by proactively identifying and preventing potential denial-of-service attempts caused by unusual spikes in ICMP activity.<\/span><\/li>\n<li>\n<figure id=\"attachment_214\" aria-describedby=\"caption-attachment-214\" style=\"width: 806px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-464 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/8-4.jpg\" alt=\"Verify DOS prevention\" width=\"806\" height=\"345\" \/><figcaption id=\"caption-attachment-214\" class=\"wp-caption-text\">Figure 7.8: Verify DOS prevention<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n","protected":false},"author":1562,"menu_order":1,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-217","chapter","type-chapter","status-publish","hentry"],"part":208,"_links":{"self":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/217","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/users\/1562"}],"version-history":[{"count":20,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/217\/revisions"}],"predecessor-version":[{"id":1126,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/217\/revisions\/1126"}],"part":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/parts\/208"}],"metadata":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortig
atefirewall\/wp-json\/pressbooks\/v2\/chapters\/217\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/media?parent=217"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapter-type?post=217"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/contributor?post=217"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/license?post=217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}