
5 dos-control l4port, 6 dos-control tcpport – Fortinet 548B User Manual


Default Setting

Disabled

Command Mode

Global Config

7.13.2.5 dos-control l4port

This command enables L4 Port Denial of Service protections. When the mode is enabled, Denial of
Service prevention is active for this type of attack: ingress packets whose Source TCP/UDP
Port Number equals their Destination TCP/UDP Port Number are dropped.

Caution

Some applications use the same source and destination L4 port; RIP, for example, uses 520 for
both. If you enable dos-control l4port, applications such as RIP may experience packet
loss, which would render the application inoperable.

Syntax

dos-control l4port
no dos-control l4port

no - This command disables L4 Port Denial of Service protections.

Default Setting

Disabled

Command Mode

Global Config

7.13.2.6 dos-control tcpport

This command enables the TCP L4 source = destination port number (Source TCP Port = Destination
TCP Port) Denial of Service protection. When the mode is enabled, Denial of Service prevention is active for
this type of attack: ingress packets with Source TCP Port = Destination TCP Port are dropped.

Syntax

dos-control tcpport
no dos-control tcpport
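
Before enabling either control, it helps to know which existing traffic would match, since protocols such as RIP legitimately use equal ports. The Python sketch below is an added example, not part of the manual or the switch firmware; it applies the match rules as stated above to constructed IPv4 packets. The function names and the treatment of non-first fragments are assumptions.

```python
import struct
from collections import Counter

TCP, UDP = 6, 17

def l4_ports(pkt: bytes):
    """Return (proto, sport, dport) for an IPv4 TCP/UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # header length, options included
    proto = pkt[9]
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    # Assumption: only the first fragment carries the L4 header, so later
    # fragments cannot be matched on ports.
    if proto not in (TCP, UDP) or frag_offset or ihl < 20 or len(pkt) < ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, sport, dport

def matching_controls(pkt: bytes):
    """Names of the controls whose rule, as the manual states it, matches pkt."""
    parsed = l4_ports(pkt)
    if parsed is None or parsed[1] != parsed[2]:
        return set()
    return {"l4port", "tcpport"} if parsed[0] == TCP else {"l4port"}

def audit(packets):
    """Count, per (control, proto, port), the packets that would be dropped."""
    hits = Counter()
    for pkt in packets:
        parsed = l4_ports(pkt)
        for control in matching_controls(pkt):
            hits[(control, parsed[0], parsed[1])] += 1
    return hits

def ipv4(proto, sport, dport, frag_offset=0, options=b""):
    """Build a constructed test packet (lengths and checksums left as zero)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 0, 0, frag_offset, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + options + struct.pack("!HH", sport, dport) + b"\x00" * 16

# Constructed sample: RIP twice, a DNS query, TCP with equal ports, a fragment.
SAMPLE = [ipv4(UDP, 520, 520), ipv4(UDP, 520, 520), ipv4(UDP, 40000, 53),
          ipv4(TCP, 179, 179, options=b"\x01" * 4), ipv4(TCP, 80, 80, frag_offset=8)]

if __name__ == "__main__":
    for (control, proto, port), n in sorted(audit(SAMPLE).items()):
        print(f"{control}: proto {proto} port {port}: {n} packet(s) would drop")
```

Any (protocol, port) pair that `audit` reports for known-good traffic identifies an application that would lose packets once the corresponding control is enabled.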