config fp-anomaly-v6
fp-anomaly-v6 Configure how the NP6 processor does IPv6 traffic anomaly protection. You can configure the NP6 pro- cessor to allow or drop the packets associated with an attack or forward the packets that are associated with the attack to FortiOS (called “trap-to-host”). Selecting “trap-to-host” turns off NP6 anomaly pro- tection for that anomaly. If you require anomaly pro- tection you can enable it with a DoS policy.
ipv6-daddr_err {allow |
drop | trap-to-host}
Detects destination address as unspecified or loop- back address anomalies.
trap-to-host
ipv6-land {allow | drop |
trap-to-host}
ipv6-optendpid {allow |
drop | trap-to-host}
Detects IPv6 land anomalies trap-to-host
Detects end point identification anomalies. trap-to-host
ipv6-opthomeaddr {allow |
drop | trap-to-host}
Detects home address option anomalies. trap-to-host
Command Description Default
ipv6-optinvld {allow |
drop | trap-to-host}
Detects invalid option anomalies. trap-to-host
ipv6-optjumbo {allow |
drop | trap-to-host}
Detects jumbo options anomalies. trap-to-host
ipv6-optnsap {allow |
drop | trap-to-host}
Detects network service access point address option anomalies.
trap-to-host
ipv6-optralert {allow |
drop | trap-to-host}
ipv6-opttunnel {allow |
drop | trap-to-host}
Detects router alert option anomalies. trap-to-host
Detects tunnel encapsulation limit option anomalies. trap-to-host
ipv6-proto-err {allow |
drop | trap-to-host}
ipv6-saddr_err {allow |
drop | trap-to-host}
Detects layer 4 invalid protocol anomalies. trap-to-host
Detects source address as multicast anomalies. trap-to-host
ipv6-unknopt {allow |
drop | trap-to-host}
Detects unknown option anomalies. trap-to-host
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!