Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

DDOS defense

Jump to solution

Hi  

I want to know how to defend the gateway of R80.30 from DDOS and whether the threshold of DDOS protocol can be defined.

Thanks & Regards

1 Solution

Accepted Solutions
Highlighted

Hi @JiaMIn,

This applies to configuration of DOS/Rate Limiting for R80.20 and newer. Rate limiting is a defense against DoS (Denial of Service) attacks. This links describes the DoS/Rate Limiting system as implemented in R80.20 and newer, including the following features:

- Policy Rules
- IP Blacklist
- Block IP Fragments
- Block IP Options
- Penalty Box
- DoS Whitelist
- Penalty Box Whitelist

In general, these features solve separate problems, and are managed/configured separately. However be aware that there are some global settings that will affect the behavior of multiple features simultaneously.

To maximize performance, the DoS/Rate Limiting policy is enforced as early as possible in the packet flow. For most features this means it is enforced in SecureXL. Connection-based policy is the single exception (R80.20 and newer). This policy is enforced by the Firewall blade since this is where the related connection state is stored and managed.


How to configure Rate Limiting rules for DoS Mitigation (R80.20 and newer). More read here:

sk112454 - How to configure Rate Limiting rules for DoS Mitigation (R80.20 and newer)  

How to configure Rate Limiting rules for DoS Mitigation (R80.10 and older). More read here:

sk164472 - How to configure Rate Limiting rules for DoS Mitigation (R80.10 and older) 

View solution in original post

Tags (1)
5 Replies
Highlighted
Admin
Admin
We have a Best Practice SK on this topic: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
We also sell appliances/services that specifically help with DDoS: https://www.checkpoint.com/products/ddos-protector/
0 Kudos
Highlighted
Advisor

sk112241   Best Practices - DDoS attacks on Check Point Security Gateway

This will auto close secureXL

0 Kudos
Highlighted
Employee++
Employee++

Further to @PhoneBoy excellent suggestions it's also helpful to do the basics at the network edge like routing unused public networks to null and applying infrastructure ACLs assuming you have an upstream border router(s).

0 Kudos
Highlighted
 
Tags (1)
0 Kudos
Highlighted

Hi @JiaMIn,

This applies to configuration of DOS/Rate Limiting for R80.20 and newer. Rate limiting is a defense against DoS (Denial of Service) attacks. This links describes the DoS/Rate Limiting system as implemented in R80.20 and newer, including the following features:

- Policy Rules
- IP Blacklist
- Block IP Fragments
- Block IP Options
- Penalty Box
- DoS Whitelist
- Penalty Box Whitelist

In general, these features solve separate problems, and are managed/configured separately. However be aware that there are some global settings that will affect the behavior of multiple features simultaneously.

To maximize performance, the DoS/Rate Limiting policy is enforced as early as possible in the packet flow. For most features this means it is enforced in SecureXL. Connection-based policy is the single exception (R80.20 and newer). This policy is enforced by the Firewall blade since this is where the related connection state is stored and managed.


How to configure Rate Limiting rules for DoS Mitigation (R80.20 and newer). More read here:

sk112454 - How to configure Rate Limiting rules for DoS Mitigation (R80.20 and newer)  

How to configure Rate Limiting rules for DoS Mitigation (R80.10 and older). More read here:

sk164472 - How to configure Rate Limiting rules for DoS Mitigation (R80.10 and older) 

View solution in original post

Tags (1)