Configuring Anti-DoS Profiles

Purpose: Configure Anti-DoS profiles to create thresholds for Cloud Edge to limit the number of packets per second that can flood a server.

Location: Policies > SECURITY PROFILES > Security Profiles > Anti-DoS

  1. Configure flood protection.

    Configure Cloud Edge to forward packets through Cloud Edge and divide them into TCP SYN, UDP, and ICMP flood protection categories.

    • TCP SYN

      Transmission Control Protocol/Synchronous Transmission

    • UDP

      User Datagram Protocol

    • ICMP

      Internet Control Message Protocol

  2. Configure address exceptions.
    1. Add IP addresses that Cloud Edge maintains in the exception source address list.

      Cloud Edge supports IPv4 and IPv6 address exceptions if the Cloud Edge gateway is running in Bridge Mode or as a Software Switch deployment.

      You must configure IPv4 address exceptions for Routing Mode deployments.

      Example of how to specify an address object:

      • Single IPv4 / IPv6 address: / fd00:1:1111:200::1000

      • IPv4 / IPv6 addresses range: / fd00:1:1111:200::1000-fd00:1:1111:200::1fff

      • IPv4 / IPv6 CIDR: / fd00:1:1111:200::1000/116

    2. Select the traffic types.