Installation & Initial Configuration
Performing a sanity test
FortiDDoS v3.2 Installation Guide
28-320-183686-20130401
• VID Number
This corresponds to the actual VID number.
• Alternate VID Number
This corresponds to the alternate VID number. An alternate VID is a VID to which the subnet is transferred once the traffic to the subnet exceeds the Threshold (below).
• Threshold
The threshold corresponds to the packet rate beyond which the subnet is moved to the Alternate VID number. If the traffic goes below this threshold for a preconfigured time period, it goes back to the (original) VID Number. The timeout is defined in the same screen in a different fieldset. This feature can be enabled or disabled by switching the check-box Allow VID Switching based on thresholds to off or on.
• Comment
For a detailed description of VID configuration, please refer to the Web-based Manager Administration Guide.
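The threshold and timeout behaviour described for the Threshold field can be modelled as a small state machine, which helps when choosing a timeout that avoids flapping between VIDs. This is an added example, not code from the guide or from the product; the one-second sampling interval, the VID values 1 and 2, the 500 pps threshold, the 3-second timeout and the names VidSwitcher and trace are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class VidSwitcher:
    """Illustrative model of threshold-based VID switching (hypothetical names)."""
    vid: int                        # original VID Number
    alt_vid: int                    # Alternate VID Number
    threshold_pps: int              # packet rate beyond which the subnet is moved
    timeout_s: int                  # quiet time required before moving back
    switching_enabled: bool = True  # models "Allow VID Switching based on thresholds"
    current: int = field(init=False)
    quiet_s: int = field(default=0, init=False)

    def __post_init__(self):
        self.current = self.vid

    def observe(self, pps: int) -> int:
        """Feed one second of traffic; return the VID in force afterwards."""
        if not self.switching_enabled:
            return self.current
        if pps > self.threshold_pps:
            # Rate exceeds the threshold: move (or stay) on the alternate VID
            # and restart the quiet timer.
            self.current = self.alt_vid
            self.quiet_s = 0
        elif self.current == self.alt_vid:
            # Assumption: a rate equal to the threshold counts as not exceeding it.
            self.quiet_s += 1
            if self.quiet_s >= self.timeout_s:
                self.current = self.vid
                self.quiet_s = 0
        return self.current


def trace(rates, **cfg):
    """Return the VID in force after each one-second sample in `rates`."""
    switcher = VidSwitcher(**cfg)
    return [switcher.observe(r) for r in rates]


# Constructed per-second packet rates: burst, brief dip, burst, sustained quiet.
SAMPLE_RATES = [100, 900, 1200, 300, 1100, 400, 300, 200, 100, 100]

if __name__ == "__main__":
    print(trace(SAMPLE_RATES, vid=1, alt_vid=2, threshold_pps=500, timeout_s=3))
```

The one-second dip to 300 pps does not return the subnet to the original VID, because the quiet period has to last for the full timeout.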
Performing a sanity test
The following steps can serve as a simple demonstration of how FortiDDoS devices block traffic. To run the demo, the network configuration should be in serial prevention mode as shown in . The protected server should respond to ICMP Echo (ping) packets, and a connected system upstream must be capable of generating a series of ICMP Echo Request packets.
Figure 13: Ping test configuration
Steps for performing a ping test
1. Configure the FortiDDoS device threshold for ping to 5 packets per second.
To do this, click Configure > Current VID > Blocking Threshold > Layer 3 > Protocols from the main menu. You set the ICMP threshold here because it is in the Layer 3 packet that you determine the type of protocol to use. In this case, you will set a threshold for ICMP packets, which corresponds to protocol number 1. Refer to
Set your inbound and outbound thresholds for ICMP to 5 packets per second.