Since early versions of FastNetMon Advanced it used same thresholds for incoming and outgoing traffic which wasn’t optimal behaviour for all customers.
Starting from version 2.0.313 we added option to use different thresholds for incoming and outgoing traffic. This behaviour is controlled using following flag and you may check current configuration for it this way:
sudo fcli show main per_direction_hostgroup_thresholds
All new installation have this flag set to true.
This flag changes logic of FastNetMon and instead of using thresholds like this for both incoming and outgoing traffic:
threshold_mbps: 1000 ban_for_bandwidth: true
It adds dedicated set of thresholds for outgoing traffic:
threshold_mbps_outgoing: 1000 ban_for_bandwidth_outgoing: true
Old style thresholds without suffix “_outgoing” continue to work but apply only for incoming traffic direction.
In addition to separate thresholds this new flag when set to true introduces behaviour change and adds logic to check new per direction attack detection flags for each hostgroup:
sudo fcli show hostgroup global|grep enable enable_ban_incoming: false enable_ban_outgoing: false
Previously you had to set enable_ban flag to true for hostgroup to enable attack detection.
When per_direction_hostgroup_thresholds is enabled in addition to setting enable_ban you need to explicitly set enable_ban_incoming or enable_ban_outgoing to true.
For example for configuration with incoming only attack detection you need to have following flags set for particular hostgroup:
enable_ban: true enable_ban_incoming: true enable_ban_outgoing: false
If you want to migrate your old installation and enable per direction thresholds you need to apply following changes:
sudo fcli set per_direction_hostgroup_thresholds true sudo fcli commit
After that you need to manually enable ban for incoming traffic for all hostgroups including global hostrgoup:
sudo fcli set hostgroup <hostgroup_name> enable_ban_incoming true sudo fcli commit
If you use remote host attack detection you need to check this guide as this change affects remote thresholds too.
After that you can set outgoing thresholds with _outgoing suffix if needed.
We recommend switching to new per_direction_hostgroup_thresholds logic as old logic will be deprecated in future.