DDoS attacks are designed to overwhelm the devices, services, and network of their intended target with fake internet traffic, thereby making them inaccessible to legitimate users or making them unusable. Below showed some common types of DDoS attack.
Types of DDoS attacks
Example
Volume-based attacks
UDP flood attack
Protocol-based (layer-3/4) attacks
SYN flood attack
Application-based (layer-7) attacks
Slowloris attack
Some tips on Fortinet and Palo Alto Firewalls to mitigate DDoS Protection :
A. Fortinet
Prerequisites :
Technical staff requires to understand the average and peak number of concurrent sessions / packets per second (PPS) that can be handled by the systems you want to protect.
Supported firewall models :
All software versions of FortiGate firewall
Recommended DDoS protection :
Based on the recommended threshold and your above figures, apply DoS policies and configure L3/4 anomalies to mitigate attacks.
DoS policies : Create DoS policy (Policy & Objects > IPv4 DoS Policy or Policy & Objects > IPv6 DoS Policy)
L3/4 anomalies :
Concurrent Sessions : For thresholds based on the number of concurrent sessions, blocking the anomaly will not allow more than the number of concurrent sessions to be set as the threshold.
Packets per second (PPS) : For rate based thresholds, where the threshold is measured in packets per second, the Block action prevents anomalous traffic from overwhelming the firewall in two ways:
continuous: Block packets once an anomaly is detected, and continue to block packets while the rate is above the threshold. This is the default setting.
periodical: After an anomaly is detected, allow the configured number of packets per second.
Technical staff requires to understand the average and peak baseline connections-per-second (CPS) of the critical servers and zones you want to protect.
Supported firewall models :
PA-5220, PA-5250 and PA-7000 series hardware firewall
Recommended DDoS protection :
Based on your above figures, apply DoS and Zone Protection and enable Packet Buffer Protection to mitigate attacks.
Zone Protection : Create Zone Protection profiles (Network > Network Profiles > Zone Protection) and apply them to defend each zone.
DoS Protection : Consists of DoS protection policy rules and DoS protection profiles
DoS Protection policy rules (Policies > DoS Protection), which specify the devices, users, zones, and services that define the traffic you want to protect from DoS attacks.
DoS Protection profiles (Objects > Security Profiles > DoS Protection), which set flood thresholds for different types of traffic. Then add a DoS Protection profile to a DoS Protection policy rule.
Packet Buffer Protection : Enable Packet Buffer Protection globally to protect the firewall buffers from single-session DoS attacks