5 dos-control l4port, 6 dos-control tcpport – Fortinet 548B User Manual
Page 304
- 304 -
Default Setting
Disabled
Command Mode
Global Config
7.13.2.5 dos-control l4port
This command enables L4 Port Denial of Service protections. If the mode is enabled, Denial of
Service prevention is active for this type of attack. If packets ingress having Source TCP/UDP
Port Number equal to Destination TCP/UDP Port Number, the packets will be dropped if the
mode is enabled.
!
Some applications mirror source and destination L4 ports - RIP for example uses 520 for
both. If you enable dos-control l4port, applications such as RIP may experience packet
loss which would render the application inoperable.
Syntax
dos-control l4port
no dos-control l4port
no - This command disables L4 Port Denial of Service protections.
Default Setting
Disabled
Command Mode
Global Config
7.13.2.6 dos-control tcpport
This command enables the TCP L4 source = destination port number (Source TCP Port = Destination
TCP Port) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for
this type of attack. If packets ingress with Source TCP Port =Destination TCP Port, the packets will be
dropped if the mode is enabled.
Syntax
dos-control tcpport
no dos-control tcpport