UserGate supports granular settings to protect networks from flooding over TCP (SYN flood), UDP and ICMP. Preliminary settings can be configured in the zone properties (see section Configuring zones), while more precise settings are available in this section. Using DoS protection rules, administrators can provide specific settings to protect a given service, protocol or application from DoS attacks. To create DoS protection rules, the administrator must perform the following steps:
Name | Description |
---|---|
Step 1. Create DoS profile | Go to Security policies-->DoS profiles, click Add and create one or more DoS profiles. |
Step 2. Create DoS rule | Go to Security policies-->DoS rules, click Add and create one or more DoS rules. Use the DoS profiles created in the previous step. |
To create a DoS profile, go to Security policies-->DoS profiles, click Add and fill out the following fields:
Name | Description |
---|---|
Name | Name of the profile. |
Description | Description of the profile. |
Aggregate | This option sets whether UserGate sums packets per second across all source IP addresses or counts them individually for each source IP address. When this option is active, make sure to specify large values for packets per second on the DoS protection and Resource protection tabs. |
DoS protection | Specify the following DoS protection parameters in the zone for the TCP (SYN-flood), UDP and ICMP protocols: |
Resource protection | This option allows you to limit the maximum number of sessions per protected resource, e.g. published server: |
To create a new DoS protection rule, go to Security policies-->DoS rules, click Add and specify the following parameters.
Important! Rules are applied from top to bottom in the same order as they are displayed in the console. The system always applies only the first rule for which all criteria are met. This means that the most specific rules must be in the upper part of the list, while the broader rules must be at the bottom. If you want to change the order of rules, use the Up/Down buttons.
Important! The rule will be applied only when all its specific conditions are met. The Negate checkbox makes the condition opposite to the initial condition, i.e. corresponds to logical negation (NOT).
Name | Description |
---|---|
Enabled | Enables or disables a rule. |
Name | Rule name. |
Description | Description of a rule. |
Action | Block -- blocks the traffic without any conditions (similar to firewall rules). Allow -- allows the traffic to flow, but without any DoS protection. This option can be used for creating exclusions. Protect -- enables protection with the selected DoS profile. |
DoS profile | If the action is Protect, choose one of the created DoS profiles. |
Scenarios | Indicates a scenario that must be active for the rule to be applied. For more details on scenarios, please refer to Scenarios. Important! A scenario represents an additional condition. If the scenario is not activated (i.e. one or more of its triggers are not launched), the rule will not be applied. |
Enable logging | Logs information about traffic when a rule is triggered. The following modes can be used: |
Source | Zone(s) and IP addresses of the traffic source. |
Users | List of users and groups of users to which this rule will be applied. You can add users of the Any, Unknown, Known type. To apply rules to individual users or users of the Known type, make sure to set up authentication properly. For more details on user identification, please refer to Users and devices. |
Destination | A destination zone and/or a list of destination IP addresses for the traffic. |
Service | Service type, e.g. HTTP or HTTPS. |
Time | Time ranges when the rule is active. |
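
The rule-ordering, Negate, Enabled and Scenarios behaviour described above can be checked offline with a small model before changing the order of rules in the console. This is an added example, not UserGate code: the `Rule`, `Cond` and `first_match` names, the rule names, profile names and addresses are all constructed for illustration, and an empty condition is assumed to mean "any".

```python
import ipaddress
from dataclasses import dataclass

def in_nets(ip, nets):
    """True if ip falls inside any of the listed networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

@dataclass(frozen=True)
class Cond:
    values: frozenset = frozenset()   # empty means "any" (assumption)
    negate: bool = False              # models the Negate checkbox

    def ok(self, value, member=lambda v, vals: v in vals):
        if not self.values:
            return True
        return member(value, self.values) != self.negate

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "block", "allow" or "protect"
    profile: str = ""                 # DoS profile, used when action is "protect"
    enabled: bool = True
    scenario: str = ""                # extra condition; must be active to apply
    src_zone: Cond = Cond()
    dst_ip: Cond = Cond()
    service: Cond = Cond()

def first_match(rules, pkt, active_scenarios=frozenset()):
    """Return the first enabled rule whose conditions all hold, or None."""
    for r in rules:
        if not r.enabled or (r.scenario and r.scenario not in active_scenarios):
            continue
        if (r.src_zone.ok(pkt["src_zone"]) and r.service.ok(pkt["service"])
                and r.dst_ip.ok(pkt["dst_ip"], in_nets)):
            return r
    return None

# Constructed sample rules and traffic (hypothetical names and addresses).
WEB = Rule("protect-web", "protect", "web-strict",
           src_zone=Cond(frozenset({"Untrusted"})),
           dst_ip=Cond(frozenset({"203.0.113.10/32"})),
           service=Cond(frozenset({"HTTPS"})))
ANY = Rule("protect-any", "protect", "default", src_zone=Cond(frozenset({"Untrusted"})))
INSIDE = Rule("allow-inside", "allow", src_zone=Cond(frozenset({"Untrusted"}), negate=True))
PKT = {"src_zone": "Untrusted", "dst_ip": "203.0.113.10", "service": "HTTPS"}

if __name__ == "__main__":
    print(first_match([WEB, ANY, INSIDE], PKT).profile)  # specific rule listed first
    print(first_match([ANY, WEB, INSIDE], PKT).profile)  # broad rule listed first
```

With the broad rule listed first, the published server never receives its dedicated profile, which is the misordering the note on rule order warns about.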