{"id":215,"date":"2022-04-06T00:36:03","date_gmt":"2022-04-06T04:36:03","guid":{"rendered":"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/ddos-prevention\/"},"modified":"2023-08-29T17:43:15","modified_gmt":"2023-08-29T21:43:15","slug":"ddos-prevention","status":"publish","type":"chapter","link":"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/ddos-prevention\/","title":{"raw":"7.1 DDoS Prevention","rendered":"7.1 DDoS Prevention"},"content":{"raw":"<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\r\n<p class=\"textbox__title\">Learning Objectives<\/p>\r\n\r\n<\/header>\r\n<div class=\"textbox__content\">\r\n<ul>\r\n \t<li>Configure a DDoS prevention profile<\/li>\r\n<\/ul>\r\n<\/div>\r\n<\/div>\r\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to set a DDoS Prevention on traffic from Port1 to Port2. In Kali, we are going to install a script to do a DOS attack and in the firewall, we will set a DDoS Prevention Policy to block DOS traffic.<\/div>\r\n\r\n[caption id=\"attachment_207\" align=\"aligncenter\" width=\"1207\"]<img class=\"wp-image-207 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2022\/04\/1.jpg\" alt=\"DDoS Prevention main scenario\" width=\"1207\" height=\"504\" \/> Figure 7.1: Main scenario[\/caption]\r\n\r\n<div align=\"left\">\r\n<table class=\"aligncenter\" style=\"width: 100%;\"><caption>Table 7.1: Devices configuration<\/caption>\r\n<tbody>\r\n<tr style=\"height: 35px;\">\r\n<th style=\"height: 35px; width: 118.114px;\" scope=\"col\">Device<\/th>\r\n<th style=\"height: 35px; width: 474.42px;\" scope=\"col\">IP address<\/th>\r\n<th style=\"height: 35px; width: 114.125px;\" scope=\"col\">Access<\/th>\r\n<\/tr>\r\n<tr style=\"height: 35px;\">\r\n<td style=\"height: 35px; width: 118.114px;\">Kali1<\/td>\r\n<td style=\"height: 35px; width: 474.42px;\">DHCP Client<\/td>\r\n<td style=\"height: 35px; width: 
114.125px;\">-<\/td>\r\n<\/tr>\r\n<tr style=\"height: 89px;\">\r\n<td style=\"height: 89px; width: 118.114px;\">FortiGate<\/td>\r\n<td style=\"height: 89px; width: 474.42px;\">Port 1: DHCP Client\r\n\r\nPort 2: 192.168.0.1\/24, DHCP Server (192.168.0.10-192.168.0.20)<\/td>\r\n<td style=\"height: 89px; width: 114.125px;\">ICMP-HTTP-HTTPS<\/td>\r\n<\/tr>\r\n<tr style=\"height: 35px;\">\r\n<td style=\"height: 35px; width: 118.114px;\">WebTerm1 (FMC)<\/td>\r\n<td style=\"height: 35px; width: 474.42px;\">192.168.0.2\/24<\/td>\r\n<td style=\"height: 35px; width: 114.125px;\">-<\/td>\r\n<\/tr>\r\n<tr style=\"height: 35px;\">\r\n<td style=\"height: 35px; width: 118.114px;\">WebTerm2<\/td>\r\n<td style=\"height: 35px; width: 474.42px;\">DHCP Client<\/td>\r\n<td style=\"height: 35px; width: 114.125px;\">-<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n<\/div>\r\n<ol>\r\n \t<li>FortiGate CLI Configuration for port2.\r\n<div class=\"textbox shaded\"><em>FGVM01TM19008000 # config system interface<\/em>\r\n<em>FGVM01TM19008000 (interface) # edit port2<\/em>\r\n<em>FGVM01TM19008000 (port2) # set ip 192.168.0.1\/24<\/em>\r\n<em>FGVM01TM19008000 (port2) # set allowaccess http https ping<\/em>\r\n<em>FGVM01TM19008000 (port2) # end<\/em><\/div><\/li>\r\n \t<li>Go to Kali and Download the <a href=\"https:\/\/github.com\/GinjaChris\/pentmenu\">pentmenu repository<\/a> and run <strong>DOS<\/strong> &gt; <strong>UDP FLOOD<\/strong> &gt; <strong>Enter port1 IP address<\/strong> &gt; <strong>Port 443<\/strong>.\r\n\r\n[caption id=\"attachment_209\" align=\"aligncenter\" width=\"1053\"]<img class=\"wp-image-208 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/2-5.jpg\" alt=\"Download and execute pentmenu script\" width=\"1053\" height=\"614\" \/> Figure 7.2: Download and execute pentmenu script[\/caption]\r\n\r\n[caption id=\"attachment_209\" align=\"aligncenter\" width=\"600\"]<img class=\"wp-image-209\" 
src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/3-4.jpg\" alt=\"Running UDP Flood\" width=\"600\" height=\"416\" \/> Figure 7.3: Running UDP Flood[\/caption]<\/li>\r\n \t<li>Go to <strong>Policy &amp; Object<\/strong> &gt; <strong>IPV4 DOS Policy<\/strong>:\r\n<ul>\r\n \t<li>Name: <strong>DOS<\/strong><\/li>\r\n \t<li>Incoming Interface: <strong>Port1<\/strong><\/li>\r\n \t<li>Source, Destination, Service: <strong>all<\/strong><\/li>\r\n \t<li>L3 Anomalies: Status and Logging: <strong>Enable, Action Block<\/strong><\/li>\r\n \t<li>L4 Anomalies: Status and Logging: <strong>Enable, Action Block<\/strong><\/li>\r\n<\/ul>\r\n[caption id=\"attachment_211\" align=\"aligncenter\" width=\"1227\"]<img class=\"wp-image-210 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/4-5.jpg\" alt=\"IPv4 DoS Policy\" width=\"1227\" height=\"624\" \/> Figure 7.4: IPv4 DoS Policy[\/caption]\r\n\r\n[caption id=\"attachment_211\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-211\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/5.jpg\" alt=\"IPv4 DOS Policy Settings\" width=\"500\" height=\"338\" \/> Figure 7.5: IPv4 DOS Policy Settings[\/caption]<\/li>\r\n \t<li>Now, start the attack again and go to <strong>Log &amp; Report<\/strong> &gt; <strong>Anomaly<\/strong>.\r\n\r\n[caption id=\"attachment_213\" align=\"alignnone\" width=\"1265\"]<img class=\"wp-image-212 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/6.jpg\" alt=\"\" width=\"1265\" height=\"674\" \/> Figure 7.6: View anomaly report[\/caption]\r\n\r\nGo to <strong>Dashboard<\/strong> &gt; <strong>Security<\/strong> &gt; <strong>Top Threats<\/strong> and verify your result.\r\n\r\n[caption id=\"attachment_213\" align=\"alignnone\" width=\"1130\"]<img class=\"wp-image-213 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-141.jpg\" alt=\"\" width=\"1130\" 
height=\"444\" \/> Figure 7.7: Verify result[\/caption]<\/li>\r\n \t<li>Go to FortiGate CLI and configure DOS Policy for ICMP_flood as follows:\r\n<div class=\"textbox shaded\" style=\"padding-left: 40px;\">\r\n\r\n<em>FGVM01TM19008000 # config firewall DoS-policy<\/em>\r\n<em>FGVM01TM19008000 (DoS-policy) # edit 2<\/em>\r\n<em>FGVM01TM19008000 (2) # set interface \"port1\"<\/em>\r\n<em>FGVM01TM19008000 (2) # set srcaddr \"all\"<\/em>\r\n<em>FGVM01TM19008000 (2) # set dstaddr \"all\"<\/em>\r\n<em>FGVM01TM19008000 (2) # set service \"ALL\"<\/em>\r\n<em>FGVM01TM19008000 (2) # config anomaly<\/em>\r\n<em>FGVM01TM19008000 (anomaly) # edit \"icmp_flood\"<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set status enable<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set log enable<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine attacker<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine-expiry 2m<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine-log disable<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # set threshold 10<\/em>\r\n<em>FGVM01TM19008000 (icmp_flood) # next<\/em>\r\n<em>FGVM01TM19008000 (anomaly) # end<\/em>\r\n<em>FGVM01TM19008000 (2) # end<\/em>\r\n\r\n<\/div><\/li>\r\n \t<li>Go to Kali and run this command. 
root@ubuntu:~# ping <strong>-c<\/strong> 2000 <strong>-i<\/strong> 0.01 <em><strong>Port1-IP-Address<\/strong><\/em>\r\n\r\nFirst, 10 packets were allowed, and the 11th packet triggered the following block.\r\n\r\n[caption id=\"attachment_214\" align=\"alignnone\" width=\"806\"]<img class=\"wp-image-214 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/8-4.jpg\" alt=\"Verify DOS prevention\" width=\"806\" height=\"345\" \/> Figure 7.8: Verify DOS prevention[\/caption]<\/li>\r\n<\/ol>","rendered":"<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n<li>Configure a DDoS prevention profile<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to set a DDoS Prevention on traffic from Port1 to Port2. In Kali, we are going to install a script to do a DOS attack and in the firewall, we will set a DDoS Prevention Policy to block DOS traffic.<\/div>\n<figure id=\"attachment_207\" aria-describedby=\"caption-attachment-207\" style=\"width: 1207px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-207 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2022\/04\/1.jpg\" alt=\"DDoS Prevention main scenario\" width=\"1207\" height=\"504\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/04\/1.jpg 1207w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/04\/1-300x125.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/04\/1-1024x428.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/04\/1-768x321.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/04\/1-65x27.jpg 65w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/04\/1-225x94.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/04\/1-350x146.jpg 350w\" sizes=\"auto, (max-width: 1207px) 100vw, 1207px\" \/><figcaption id=\"caption-attachment-207\" class=\"wp-caption-text\">Figure 7.1: Main scenario<\/figcaption><\/figure>\n<div style=\"text-align: left;\">\n<table class=\"aligncenter\" style=\"width: 100%;\">\n<caption>Table 7.1: Devices configuration<\/caption>\n<tbody>\n<tr style=\"height: 35px;\">\n<th style=\"height: 35px; width: 118.114px;\" scope=\"col\">Device<\/th>\n<th style=\"height: 35px; width: 474.42px;\" scope=\"col\">IP address<\/th>\n<th style=\"height: 35px; width: 114.125px;\" scope=\"col\">Access<\/th>\n<\/tr>\n<tr style=\"height: 35px;\">\n<td style=\"height: 35px; width: 118.114px;\">Kali1<\/td>\n<td style=\"height: 35px; width: 474.42px;\">DHCP Client<\/td>\n<td style=\"height: 35px; width: 114.125px;\">&#8211;<\/td>\n<\/tr>\n<tr style=\"height: 89px;\">\n<td style=\"height: 89px; width: 118.114px;\">FortiGate<\/td>\n<td style=\"height: 89px; width: 474.42px;\">Port 1: DHCP Client<\/p>\n<p>Port 2: 192.168.0.1\/24, DHCP Server (192.168.0.10-192.168.0.20)<\/td>\n<td style=\"height: 89px; width: 114.125px;\">ICMP-HTTP-HTTPS<\/td>\n<\/tr>\n<tr style=\"height: 35px;\">\n<td style=\"height: 35px; width: 118.114px;\">WebTerm1 (FMC)<\/td>\n<td style=\"height: 35px; width: 474.42px;\">192.168.0.2\/24<\/td>\n<td style=\"height: 35px; width: 114.125px;\">&#8211;<\/td>\n<\/tr>\n<tr style=\"height: 35px;\">\n<td style=\"height: 35px; width: 118.114px;\">WebTerm2<\/td>\n<td style=\"height: 35px; width: 474.42px;\">DHCP Client<\/td>\n<td style=\"height: 35px; width: 114.125px;\">&#8211;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<ol>\n<li>FortiGate CLI Configuration for port2.\n<div class=\"textbox shaded\"><em>FGVM01TM19008000 # config system interface<\/em><br \/>\n<em>FGVM01TM19008000 
(interface) # edit port2<\/em><br \/>\n<em>FGVM01TM19008000 (port2) # set ip 192.168.0.1\/24<\/em><br \/>\n<em>FGVM01TM19008000 (port2) # set allowaccess http https ping<\/em><br \/>\n<em>FGVM01TM19008000 (port2) # end<\/em><\/div>\n<\/li>\n<li>Go to Kali and Download the <a href=\"https:\/\/github.com\/GinjaChris\/pentmenu\">pentmenu repository<\/a> and run <strong>DOS<\/strong> &gt; <strong>UDP FLOOD<\/strong> &gt; <strong>Enter port1 IP address<\/strong> &gt; <strong>Port 443<\/strong>.<br \/>\n<figure id=\"attachment_209\" aria-describedby=\"caption-attachment-209\" style=\"width: 1053px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-208 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/2-5.jpg\" alt=\"Download and execute pentmenu script\" width=\"1053\" height=\"614\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2-5.jpg 1053w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2-5-300x175.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2-5-1024x597.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2-5-768x448.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2-5-65x38.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2-5-225x131.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/2-5-350x204.jpg 350w\" sizes=\"auto, (max-width: 1053px) 100vw, 1053px\" \/><figcaption id=\"caption-attachment-209\" class=\"wp-caption-text\">Figure 7.2: Download and execute pentmenu script<\/figcaption><\/figure>\n<figure id=\"attachment_209\" aria-describedby=\"caption-attachment-209\" style=\"width: 600px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" 
class=\"wp-image-209\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/3-4.jpg\" alt=\"Running UDP Flood\" width=\"600\" height=\"416\" \/><figcaption id=\"caption-attachment-209\" class=\"wp-caption-text\">Figure 7.3: Running UDP Flood<\/figcaption><\/figure>\n<\/li>\n<li>Go to <strong>Policy &amp; Object<\/strong> &gt; <strong>IPV4 DOS Policy<\/strong>:\n<ul>\n<li>Name: <strong>DOS<\/strong><\/li>\n<li>Incoming Interface: <strong>Port1<\/strong><\/li>\n<li>Source, Destination, Service: <strong>all<\/strong><\/li>\n<li>L3 Anomalies: Status and Logging: <strong>Enable, Action Block<\/strong><\/li>\n<li>L4 Anomalies: Status and Logging: <strong>Enable, Action Block<\/strong><\/li>\n<\/ul>\n<figure id=\"attachment_211\" aria-describedby=\"caption-attachment-211\" style=\"width: 1227px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-210 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/4-5.jpg\" alt=\"IPv4 DoS Policy\" width=\"1227\" height=\"624\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-5.jpg 1227w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-5-300x153.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-5-1024x521.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-5-768x391.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-5-65x33.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-5-225x114.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/4-5-350x178.jpg 350w\" sizes=\"auto, (max-width: 1227px) 100vw, 1227px\" \/><figcaption id=\"caption-attachment-211\" class=\"wp-caption-text\">Figure 7.4: IPv4 DoS 
Policy<\/figcaption><\/figure>\n<figure id=\"attachment_211\" aria-describedby=\"caption-attachment-211\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-211\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/5.jpg\" alt=\"IPv4 DOS Policy Settings\" width=\"500\" height=\"338\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/5.jpg 891w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/5-300x203.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/5-768x519.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/5-65x44.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/5-225x152.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/5-350x236.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-211\" class=\"wp-caption-text\">Figure 7.5: IPv4 DOS Policy Settings<\/figcaption><\/figure>\n<\/li>\n<li>Now, start the attack again and go to <strong>Log &amp; Report<\/strong> &gt; <strong>Anomaly<\/strong>.<br \/>\n<figure id=\"attachment_213\" aria-describedby=\"caption-attachment-213\" style=\"width: 1265px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-212 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/6.jpg\" alt=\"\" width=\"1265\" height=\"674\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/6.jpg 1265w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/6-300x160.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/6-1024x546.jpg 1024w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/6-768x409.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/6-65x35.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/6-225x120.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/6-350x186.jpg 350w\" sizes=\"auto, (max-width: 1265px) 100vw, 1265px\" \/><figcaption id=\"caption-attachment-213\" class=\"wp-caption-text\">Figure 7.6: View anomaly report<\/figcaption><\/figure>\n<p>Go to <strong>Dashboard<\/strong> &gt; <strong>Security<\/strong> &gt; <strong>Top Threats<\/strong> and verify your result.<\/p>\n<figure id=\"attachment_213\" aria-describedby=\"caption-attachment-213\" style=\"width: 1130px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-213 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-141.jpg\" alt=\"\" width=\"1130\" height=\"444\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-141.jpg 1130w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-141-300x118.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-141-1024x402.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-141-768x302.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-141-65x26.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-141-225x88.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-141-350x138.jpg 350w\" sizes=\"auto, (max-width: 1130px) 100vw, 1130px\" \/><figcaption id=\"caption-attachment-213\" class=\"wp-caption-text\">Figure 7.7: Verify 
result<\/figcaption><\/figure>\n<\/li>\n<li>Go to FortiGate CLI and configure DOS Policy for ICMP_flood as follows:\n<div class=\"textbox shaded\" style=\"padding-left: 40px;\">\n<p><em>FGVM01TM19008000 # config firewall DoS-policy<\/em><br \/>\n<em>FGVM01TM19008000 (DoS-policy) # edit 2<\/em><br \/>\n<em>FGVM01TM19008000 (2) # set interface &#8220;port1&#8221;<\/em><br \/>\n<em>FGVM01TM19008000 (2) # set srcaddr &#8220;all&#8221;<\/em><br \/>\n<em>FGVM01TM19008000 (2) # set dstaddr &#8220;all&#8221;<\/em><br \/>\n<em>FGVM01TM19008000 (2) # set service &#8220;ALL&#8221;<\/em><br \/>\n<em>FGVM01TM19008000 (2) # config anomaly<\/em><br \/>\n<em>FGVM01TM19008000 (anomaly) # edit &#8220;icmp_flood&#8221;<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set status enable<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set log enable<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine attacker<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine-expiry 2m<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set quarantine-log disable<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # set threshold 10<\/em><br \/>\n<em>FGVM01TM19008000 (icmp_flood) # next<\/em><br \/>\n<em>FGVM01TM19008000 (anomaly) # end<\/em><br \/>\n<em>FGVM01TM19008000 (2) # end<\/em><\/p>\n<\/div>\n<\/li>\n<li>Go to Kali and run this command. 
root@ubuntu:~# ping <strong>-c<\/strong> 2000 <strong>-i<\/strong> 0.01 <em><strong>Port1-IP-Address<\/strong><\/em><br \/>\nFirst, 10 packets were allowed, and the 11th packet triggered the following block.<br \/>\n<figure id=\"attachment_214\" aria-describedby=\"caption-attachment-214\" style=\"width: 806px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-214 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/8-4.jpg\" alt=\"Verify DOS prevention\" width=\"806\" height=\"345\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/8-4.jpg 806w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/8-4-300x128.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/8-4-768x329.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/8-4-65x28.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/8-4-225x96.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/8-4-350x150.jpg 350w\" sizes=\"auto, (max-width: 806px) 100vw, 806px\" \/><figcaption id=\"caption-attachment-214\" class=\"wp-caption-text\">Figure 7.8: Verify DOS 
prevention<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n","protected":false},"author":124,"menu_order":1,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-215","chapter","type-chapter","status-publish","hentry"],"part":206,"_links":{"self":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/215","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/users\/124"}],"version-history":[{"count":2,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/215\/revisions"}],"predecessor-version":[{"id":562,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/215\/revisions\/562"}],"part":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/parts\/206"}],"metadata":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/215\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/media?parent=215"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapter-type?post=215"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/contributor?post=215"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/license?post=215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}