Installation & Initial Configuration
Assigning Virtual Identifiers (VIDs) to protect systems
FortiDDoS v3.2 Installation Guide
28-320-183686-20130401
16
•
Choose No Bypass in case you want the existing mode to continue without updated
thresholds - implies no continuous learning and adaptive prevention/detection.
To set the Bypass Mode of the appliance, click
Configure > Global > Operating Mode
.
above.
In
Bypass Mode section
,
select one of the above bypass modes.
Click
Save
.
Configuring
emergency
bypass mode
At certain times, to eliminate the possibility of malfunction of the FortiDDoS device,
you may want to bypass the device logic while keeping the device inline. To achieve
such a functionality, you can keep the appliance in Emergency Bypass Mode. This
ensures that the packets which arrive at ingress ports are simply transferred to the
corresponding egress ports - just like a wire.
To set the Emergency Bypass Mode of the appliance, click
Configure > Global >
Operating Mode
above.
In
Emergency Bypass Mode
section
,
click on the checkbox for
Emergency Bypass
.
Click
Save
.
Configuring link
down
synchronization
or link state
propagation
Link Down Synchronization lets you configure FortiDDoS device to force the partner
link down on a segment when one of the links goes down. The device monitors the link
state for a pair of ports which are protecting a segment. These correspond to LAN 1
(connected to LAN) or WAN 1 (connected to the Internet). Similarly for Dual WAN Link
mode, these ports correspond to LAN 2 and WAN 2.
If the link goes down on either port, the partner port is disabled. Link Down
Synchronization once enabled, propagates the link state across the FortiDDoS device.
This is the default functionality. If you want to disable this functionality, you must select
Hub mode.
This feature is not useful when using bypass switches and must be set to HUB mode
instead of default WIRE mode.
To enable Link Down Synchronization, you don’t have to make any changes. It is set as
the factory default.
To set the Link Down Synchronization to Hub Mode, click
Configure > Global > Link
Down Synchronization
.
In
Link Down Synchronization
section
,
click on the radio button for
Hub
.
Type
yes
in the text box and press
OK
.
Assigning Virtual Identifiers (VIDs) to protect systems
Virtual Identifiers (VIDs) enable you to “virtualize” the device to behave as if it were
multiple physical appliances with each appliance conforming to a single
server/network.
Because each networked system has different traffic characteristics, the FortiDDoS
device allows you to build a unique profile for each server/network you want to protect.
Note:
Changes to Link Down Synchronization requires restarting the services - which leads to
some downtime. Please plan for the downtime.
Содержание FortiDDoS
Страница 1: ...FortiDDoS v3 2 Installation Guide ...
Страница 37: ......