Since early versions of FastNetMon Advanced it used same thresholds for incoming and outgoing traffic which wasn’t optimal behaviour for all customers.

Starting from version 2.0.313 we added option to use different thresholds for incoming and outgoing traffic. This behaviour is controlled using following flag and you may check current configuration for it this way:

sudo fcli show main per_direction_hostgroup_thresholds

All new installation have this flag set to true.

This flag changes logic of FastNetMon and instead of using thresholds like this for both incoming and outgoing traffic:

threshold_mbps: 1000
ban_for_bandwidth: true

It adds dedicated set of thresholds for outgoing traffic:

threshold_mbps_outgoing: 1000
ban_for_bandwidth_outgoing: true

Old style thresholds without suffix “_outgoing” continue to work but apply only for incoming traffic direction.

In addition to separate thresholds this new flag when set to true introduces behaviour change and adds logic to check new per direction attack detection flags for each hostgroup:

sudo fcli show hostgroup global|grep enable

enable_ban_incoming: false
enable_ban_outgoing: false

Previously you had to set enable_ban flag to true for hostgroup to enable attack detection.

When per_direction_hostgroup_thresholds is enabled in addition to setting enable_ban you need to explicitly set enable_ban_incoming or enable_ban_outgoing to true.

For example for configuration with incoming only attack detection you need to have following flags set for particular hostgroup:

enable_ban: true
enable_ban_incoming: true
enable_ban_outgoing: false

If you want to migrate your old installation and enable per direction thresholds you need to apply following changes:

sudo fcli set per_direction_hostgroup_thresholds true
sudo fcli commit

After that you need to manually enable ban for incoming traffic for all hostgroups including global hostrgoup:

sudo fcli set hostgroup <hostgroup_name> enable_ban_incoming true
sudo fcli commit

If you use remote host attack detection you need to check this guide as this change affects remote thresholds too.

After that you can set outgoing thresholds with _outgoing suffix if needed.

We recommend switching to new per_direction_hostgroup_thresholds logic as old logic will be deprecated in future.

24/7 Tech Support

Email Us