F5Networks / f5-declarative-onboarding

F5 BIG-IP Declarative Onboarding
Apache License 2.0

Support the Device DDOS #305

Open leondelyon3 opened 2 years ago

leondelyon3 commented 2 years ago

Is your feature request related to a problem? Please describe.

ISP customer Orange requires all the DDoS features to be configured at the device level.

Describe the solution you'd like

It can be configured either with the GUI or with tmsh, as shown below:

```
(tmos)# list security dos device-config all-properties
security dos device-config dos-device-config {
    auto-threshold-sensitivity 50
    custom-signatures none
    dns-dos-mitigation-percentage 500
    dns-security none
    dos-device-vector {
        arp-flood {
            allow-advertisement disabled
            allow-upstream-scrubbing disabled
            attacked-dst disabled
            auto-blacklisting disabled
            auto-scrubbing disabled
            auto-threshold disabled
            bad-actor disabled
            blacklist-category denial_of_service
            blacklist-detection-seconds 60
            blacklist-duration 14400
            ceiling 200000
            default-internal-rate-limit 100000
            detection-threshold-percent 500
            detection-threshold-pps 10000
            enforce enabled
            floor 5000
            multiplier-mitigation-percentage inherited-default
            packet-types none
            per-dst-ip-detection-pps infinite
            per-dst-ip-limit-pps infinite
            per-source-ip-detection-pps infinite
            per-source-ip-limit-pps infinite
            scrubbing-category attacked_ips
            scrubbing-detection-seconds 10
            scrubbing-duration 900
            simulate-auto-threshold disabled
            state disabled
            suspicious false
            threshold-mode fully-automatic
            valid-domains none
        }
```

All other vectors....

Describe alternatives you've considered

For the time being, either the CLI (`(tmos)# modify security dos device-config dos-device-config dos-device-vector { arp-flood ....`) or the GUI is used.

Additional context

Add any other context, such as the desired tmsh configuration, about the feature request here.
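An added example, not part of the issue thread and not F5 code: while device-level DoS settings are still managed by hand, the `tmsh list` output quoted above can be parsed and compared with a desired baseline to catch drift. It assumes tmsh's usual one-item-per-line layout; `DESIRED`, its values and the function names are hypothetical.

```python
# Added example (not F5 code). SAMPLE is constructed from the excerpt in the issue:
# a few arp-flood keys only, with the braces closed.
SAMPLE = """\
(tmos)# list security dos device-config all-properties
security dos device-config dos-device-config {
    dos-device-vector {
        arp-flood {
            ceiling 200000
            enforce enabled
            floor 5000
            state disabled
        }
    }
}
"""
# Hypothetical baseline: the "right" values are site policy, not taken from the page.
DESIRED = {"arp-flood": {"enforce": "enabled", "floor": "5000", "ceiling": "100000"}}

def parse_tmsh(text):
    """Parse brace-delimited, one-item-per-line `tmsh list` output into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(tmos)#"):
            continue  # skip blank lines and the echoed prompt
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed block: output looks truncated")
    return stack[0]

def vector_drift(text, desired):
    """Return {vector: {setting: (actual, wanted)}} for every mismatch."""
    device = parse_tmsh(text)["security dos device-config dos-device-config"]
    vectors = device.get("dos-device-vector", {})
    drift = {}
    for name, wanted in desired.items():
        actual = vectors.get(name, {})
        diff = {k: (actual.get(k), v) for k, v in wanted.items() if actual.get(k) != v}
        if diff:
            drift[name] = diff
    return drift
```

A vector missing from the output is reported with `None` as its actual value, and a listing cut off mid-block raises `ValueError` rather than being compared as if it were complete.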

thepowercoders commented 1 year ago

Is there any update on this enhancement request? All the DDoS settings in AS3 are for protected objects - there is no ability to configure the device-level DDoS settings. However, DO has no DDoS settings at all. I agree DO is probably a better place than AS3 for device-level DDoS configuration, so I would like to see if this is roadmapped. Thanks.