Early versions of FastNetMon Advanced used the same thresholds for incoming and outgoing traffic, which wasn't optimal behaviour for all customers.
Starting from version 2.0.313, we added an option to use different thresholds for incoming and outgoing traffic. This behaviour is controlled using the following flag, and you may check the current configuration for it this way:
sudo fcli show main per_direction_hostgroup_thresholds
All new installations have this flag set to true.
This flag changes the logic of FastNetMon, and instead of using thresholds like this for both incoming and outgoing traffic:
threshold_mbps: 1000 ban_for_bandwidth: true
It adds a dedicated set of thresholds for outgoing traffic:
threshold_mbps_outgoing: 1000 ban_for_bandwidth_outgoing: true
Old-style thresholds without the suffix "_outgoing" continue to work but apply only for incoming traffic direction.
In addition to separate thresholds, this new flag, when set to true, introduces a behaviour change and adds logic to check new per-direction attack detection flags for each hostgroup:
sudo fcli show hostgroup global|grep enable enable_ban_incoming: false enable_ban_outgoing: false
Previously, you had to set enable_ban flag to "true" for a host group to enable attack detection.
When per_direction_hostgroup_thresholds is enabled in addition to setting enable_ban, you need to explicitly set enable_ban_incoming or enable_ban_outgoing to "true".
For example, for configuration with incoming only attack detection, you need to have the following flags set for a particular host group:
enable_ban: true enable_ban_incoming: true enable_ban_outgoing: false
If you want to migrate your old installation and enable per-direction thresholds, you need to apply the following changes:
sudo fcli set per_direction_hostgroup_thresholds true sudo fcli commit
After that, you need to manually enable ban for incoming traffic for all hostgroups, including the global host group:
sudo fcli set hostgroup <hostgroup_name> enable_ban_incoming true sudo fcli commit
If you use remote host attack detection, you need to check this guide, as this change affects remote thresholds too.
After that, you can set outgoing thresholds with _outgoing suffix if needed.
We recommend switching to the new per_direction_hostgroup_thresholds logic, as the old logic will be deprecated in future.