Installation & Initial Configuration
Performing a sanity test
FortiDDoS v3.2 Installation Guide
28-320-183686-20130401
19
•
Figure 14:
Blocking Conditions for ICMP for Ping Test
You must click
Save
in the screen above the Layer 3 Classifier table to record your
settings in the system. The system may pause for a few seconds before confirming
that the new values have been updated.
2
Generating ICMP (ping) traffic
From the PC/Workstation, generate a small, controlled flood of 100 ICMP Echo
(ping) packets directed to the protected system. In UNIX/LINUX, the command line
input will look like this:
ping –c 100 –i 0.1 AA.BB.CC.DD
(where
AA.BB.CC.DD
represents the IP
address of the protected system)
The command above will generate an ICMP Echo Request (ping) packet to the
specified address every 0.1 seconds until 100 packets are sent. This is the
equivalent of 10 packets per second for 10 seconds.
Following is a screen capture from an actual ping flood test. Notice that the first few
pings are allowed to pass and receive a response. As soon as the rate per second
rises above the threshold, (somewhere in the first 11 packets) the FortiDDoS device
blocks all ICMP packets for the 10 second threshold. After the blocking period,
ICMP packets are again allowed until the threshold is reached.
In the sequence below, this is reflected by responses to the first 7 ping requests,
followed by no response to the next 80 packets (blocked by the appliance). Then
packets 87-93 are allowed before the threshold is again reached.
[root@client1 win]# ping -c 100 -i 0.1 172.16.0.50
PING 172.16.0.50 (172.16.0.50) 56(84) bytes of data.
64 bytes from 172.16.0.50: icmp_seq=1 ttl=64 time=0.503 ms
64 bytes from 172.16.0.50: icmp_seq=2 ttl=64 time=0.307 ms
Summary of Contents for FortiDDoS
Page 1: ...FortiDDoS v3 2 Installation Guide ...
Page 37: ......