Operation: Configuration DOS Settings
Description: Configure settings to provide protection against different types of Denial of Service(DoS) attacks. 

Sample Configuration
<DoSSettings> <SYNFlood> <Source> <PacketRatePerSource>12000</PacketRatePerSource> <BurstRatePerSource>100</BurstRatePerSource> <ApplyFlag>Enable/Disable</ApplyFlag> </Source> <Destination> <PacketRatePerDestination>12000</PacketRatePerDestination> <BurstRatePerDestination>100</BurstRatePerDestination> <ApplyFlag>Enable/Disable</ApplyFlag> </Destination> </SYNFlood> <UDPFlood> <Source> <PacketRatePerSource>12000</PacketRatePerSource> <BurstRatePerSource>100</BurstRatePerSource> <ApplyFlag>Enable/Disable</ApplyFlag> </Source> <Destination> <PacketRatePerDestination>18000</PacketRatePerDestination> <BurstRatePerDestination>100</BurstRatePerDestination> <ApplyFlag>Enable/Disable</ApplyFlag> </Destination> </UDPFlood> <TCPFlood> <Source> <PacketRatePerSource>12000</PacketRatePerSource> <BurstRatePerSource>100</BurstRatePerSource> <ApplyFlag>Enable/Disable</ApplyFlag> </Source> <Destination> <PacketRatePerDestination>12000</PacketRatePerDestination> <BurstRatePerDestination>100</BurstRatePerDestination> <ApplyFlag>Enable/Disable</ApplyFlag> </Destination> </TCPFlood> <ICMPFlood> <Source> <PacketRatePerSource>120</PacketRatePerSource> <BurstRatePerSource>100</BurstRatePerSource> <ApplyFlag>Enable/Disable</ApplyFlag> </Source> <Destination> <PacketRatePerDestination>300</PacketRatePerDestination> <BurstRatePerDestination>100</BurstRatePerDestination> <ApplyFlag>Enable/Disable</ApplyFlag> </Destination> </ICMPFlood> <DroppedSourceRoutedPackets> <Destination> <ApplyFlag>Enable/Disable</ApplyFlag> </Destination> </DroppedSourceRoutedPackets> <DisableICMPRedirectPacket> <Destination> <ApplyFlag>Enable/Disable</ApplyFlag> </Destination> </DisableICMPRedirectPacket> <DisableARPFlooding> <Destination> <ApplyFlag>Enable/Disable</ApplyFlag> </Destination> </DisableARPFlooding> </DoSSettings>



Parameter Mandatory Default Description
PacketRatePerSourceNo 
Specify total number of packets allowed to a particular user for SYN flood attack.
PacketRatePerSource confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 600000 is allowed.
  • Maximum characters allowed are 6.
BurstRatePerSourceNo 
Specify maximum number of packets allowed to a particular user at a given time.
BurstRatePerSource confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 10000 is allowed.
  • Maximum characters allowed are 5.
ApplyFlagNo  
Select the flag to control allowed number of packets.
ApplyFlag confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
PacketRatePerDestinationNo 
Specify total number of packets allowed from a particular user.
PacketRatePerDestination confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 600000 is allowed.
  • Maximum characters allowed are 6.
BurstRatePerDestinationNo 
Specify maximum number of packets allowed from a particular user at a given time.
BurstRatePerDestination confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 10000 is allowed.
  • Maximum characters allowed are 5.
ApplyFlagNo  
Specify 'chkSYNFloodDst'
ApplyFlag confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
PacketRatePerSourceNo 
Specify 'txtUDPFloodSrcPacket'
PacketRatePerSource confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 600000 is allowed.
  • Maximum characters allowed are 6.
BurstRatePerSourceNo 
Specify 'txtUDPFloodSrcBurst'
BurstRatePerSource confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 10000 is allowed.
  • Maximum characters allowed are 5.
ApplyFlagNo  
Specify 'chkUDPFloodSrc'
ApplyFlag confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
PacketRatePerDestinationNo 
Specify 'txtUDPFloodDstPacket'
PacketRatePerDestination confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 600000 is allowed.
  • Maximum characters allowed are 6.
BurstRatePerDestinationNo 
Specify 'txtUDPFloodDstBurst'
BurstRatePerDestination confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 10000 is allowed.
  • Maximum characters allowed are 5.
ApplyFlagNo  
Specify 'chkUDPFloodDst'
ApplyFlag confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
PacketRatePerSourceNo 
Specify 'txtTCPFloodSrcPacket'
PacketRatePerSource confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 600000 is allowed.
  • Maximum characters allowed are 6.
BurstRatePerSourceNo 
Specify 'txtTCPFloodSrcBurst'
BurstRatePerSource confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 10000 is allowed.
  • Maximum characters allowed are 5.
ApplyFlagNo  
Specify 'chkTCPFloodSrc'
ApplyFlag confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
PacketRatePerDestinationNo 
Specify 'txtTCPFloodDstPacket'
PacketRatePerDestination confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 600000 is allowed.
  • Maximum characters allowed are 6.
BurstRatePerDestinationNo 
Specify 'txtTCPFloodDstBurst'
BurstRatePerDestination confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 10000 is allowed.
  • Maximum characters allowed are 5.
ApplyFlagNo  
Specify 'chkTCPFloodDst'
ApplyFlag confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
PacketRatePerSourceNo 
Specify 'txtICMPFloodSrcPacket'
PacketRatePerSource confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 600000 is allowed.
  • Maximum characters allowed are 6.
BurstRatePerSourceNo 
Specify 'txtICMPFloodSrcBurst'
BurstRatePerSource confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 10000 is allowed.
  • Maximum characters allowed are 5.
ApplyFlagNo  
Specify 'chkICMPFloodSrc'
ApplyFlag confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
PacketRatePerDestinationNo 
Specify 'txtICMPFloodDstPacket'
PacketRatePerDestination confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 600000 is allowed.
  • Maximum characters allowed are 6.
BurstRatePerDestinationNo 
Specify 'txtICMPFloodDstBurst'
BurstRatePerDestination confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first character: (1-9). For other characters: (0-9)
  • Range 1 to 10000 is allowed.
  • Maximum characters allowed are 5.
ApplyFlagNo  
Specify 'chkICMPFloodDst'
ApplyFlag confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
ApplyFlagNo  
Specify 'chkDropSourceRoutedPacketsDst'
ApplyFlag confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
ApplyFlagNo  
Specify 'chkDisableICMPredirectPacketDst'
ApplyFlag confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
ApplyFlagNo  
Specify 'chkDisableARPFloodingDst'
ApplyFlag confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.



Operation   Status   Message
Configuration DOS Settings200
Configuration DOS Settings500

© Copyright 2019 Sophos Firewall Limited. All rights reserved.
Sophos Firewall is registered trademarks of Sophos Firewall Limited and Sophos Firewall Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.