config fp-anomaly-v4
|
Configure how the NP6 processor does IPv4 traffic anomaly protection. You can configure the NP6 pro- cessor to allow or drop the packets associated with
icmp-land {allow | drop |
trap-to-host}
Detects ICMP land anomalies. trap-to-host
ipv4-land {allow | drop |
trap-to-host}
Detects IPv4 land anomalies. trap-to-host
ipv4-optlsrr {allow |
drop | trap-to-host}
Detects IPv4 with loose source record route option anomalies.
trap-to-host
ipv4-optrr {allow | drop
| trap-to-host}
ipv4-optsecurity {allow |
drop | trap-to-host}
Detects IPv4 with record route option anomalies. trap-to-host
Detects security option anomalies. trap-to-host
ipv4-optssrr {allow |
drop | trap-to-host}
Detects IPv4 with strict source record route option anomalies.
trap-to-host
ipv4-optstream {allow |
drop | trap-to-host}
Detects stream option anomalies. trap-to-host
ipv4-opttimestamp {allow
| drop | trap-to-host}
ipv4-proto-err {allow |
drop | trap-to-host}
Detects timestamp option anomalies. trap-to-host
Detects invalid layer 4 protocol anomalies. trap-to-host
ipv4-unknopt {allow |
drop | trap-to-host}
Detects unknown option anomalies. trap-to-host
Command Description Default
tcp-land {allow | drop |
trap-to-host}
Detects TCP land anomalies. trap-to-host
tcp-syn-fin {allow | drop
| trap-to-host}
tcp-winnuke {allow | drop
| trap-to-host}
Detects TCP SYN flood SYN/FIN flag set anomalies. allow
Detects TCP WinNuke anomalies. trap-to-host
tcp_fin_noack {allow |
drop | trap-to-host}
tcp_fin_only {allow |
drop | trap-to-host}
Detects TCP SYN flood with FIN flag set without
ACK setting anomalies.
Detects TCP SYN flood with only FIN flag set anom- alies. trap-to-host
trap-to-host
tcp_no_flag {allow | drop
| trap-to-host}
Detects TCP SYN flood with no flag set anomalies. allow
tcp_syn_data {allow |
drop | trap-to-host}
Detects TCP SYN flood packets with data anom- alies.
allow
udp-land {allow | drop |
trap-to-host}
Detects UDP land anomalies. trap-to-host
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!