FastNetMon is a baseline / threshold based DDoS detection engine and it means that you need to set level of traffic which will be considered as attack by FastNetMon.

By default, FastNetMon has global hostgroup which keeps thresholds for all hosts in your network.

To set level of traffic which FastNetMon will consider as an attack we need to make some configuration adjustments.

As example we will trigger attack detection for hosts which are receiving more than 100 Mbps of incoming traffic:

sudo fcli set hostgroup global threshold_mbps 100
sudo fcli set hostgroup global ban_for_bandwidth enable
sudo fcli commit

Then we need to enable attack detection action for all hosts in our network this way:

sudo fcli set hostgroup global enable_ban enable
sudo fcli commit

After that we need to specify that we need attack detection only in incoming direction as DDoS is mostly coming from the outside.

sudo fcli set hostgroup global enable_ban_incoming enable
sudo fcli commit

If you would like to configure attack detection in outgoing direction you will need to apply following commands:

sudo fcli set hostgroup global enable_ban_outgoing enable

sudo fcli set main per_direction_hostgroup_thresholds enable
sudo fcli set main do_not_ban_outgoing disable
sudo fcli commit

And then set thresholds in outgoing direction too:

sudo fcli set hostgroup global threshold_mbps_outgoing 100
sudo fcli set hostgroup global ban_for_bandwidth_outgoing enable
sudo fcli commit

FastNetMon has multiple pre-defined thresholds types and you can find all of them on this page. You can enable multiple thresholds in same time.

In addition to pre-defined thresholds you can create completely custom thresholds using arbitrary information about traffic from Layers 3 and 4 of OSI model using flexible thresholds capability.

For networks with multiple types of client’s traffic profiles you may prefer to set different thresholds for different groups of your networks. We call these per network thresholds configurations hostgroups and you may create any number of them using this guide.

To help you with threshold configuration we have tool which can proving baseline recommendations using your historical traffic data.

24/7 Tech Support

Email Us