FortiDDoS®
Family of DDoS Prevention Appliances
Proven DDoS Defense
Powered by the purpose-built FortiASIC-TP™ (Traffic Processors), the FortiDDoS family of purposebuilt network appliances provides effective, fast protection against DDoS attacks. FortiDDoS helps you
protect your internet infrastructure from threats and service disruptions by surgically removing network and application layer DDoS attacks, while letting legitimate traffic flow without being impacted.
- High performance ASIC-based detection and mitigation
- Virtual network partitions for multi-tenant environments
- Auto-Learning baselining reduces management overhead
- Granular visibility with comprehensive reporting of attack and traffic analysis
Differentiated Technology
The FortiDDoS network behavior analysis (NBA) system provides real-time visibility into malicious activity
targeting your Internet-facing network. Its hardware-based policy enforcement ensures legitimate traffic
will not be affected as it detects and blocks malicious behavior.
FortiDDoS appliances inspect traffic at up to 3Gbps full-duplex line speed, even under full scale attack without having to resort to sampling traffic to reduce performance bottlenecks. It automatically learns
traffic patterns and behavior, and continuously updates its set of thresholds used for policy enforcement. By dynamically setting thresholds on the broadest range of Layer 3, 4 and 7 parameters, the FortiDDoS
appliance detects and blocks attacks in a matter of seconds, requiring no intervention from an administrator.
Through its unique continuous learning capability, the FortiDDoS family differentiates between gradual build-ups in legitimate traffic and attacks, thereby eliminating false positives arising from campaigns or legitimate search engines.
|
Fast and Effective DDoS Detection and Mitigation
ASIC-based behavior analysis accurately detects and blocks anomalies, reconnaissance, and DDoS attacks.
|
|
Virtual Network Traffic Partitions
Separate traffic partitions and policies protect other segments and tenants from attack.
|
|
Comprehensive Reporting Capabilities
Real-time and historic reports provide granular visibility of each virtual network and protocol layer.
|
Unmatched Visibility
FortiDDoS gives you granular visibility into your network’s behavior, accurately determining the
source of an attack and allowing legitimate traffic through while blocking flood traffic. Source
tracking pinpoints the address of a non-spoofed attack, and can even contact the offender’s domain
administrator.
FortiDDoS immediately blocks dark address scans to prevent outbreak of worms and stealth activity.
By preventing header and state anomalies, it further helps in providing a clean pipe to your network.
By providing line-rate granular ACLs, FortiDDoS helps protect your infrastructure from unwanted traffic
in the data center as well as at the perimeter.
By using Virtual Identification, FortiDDoS can segregate packets from up to eight discretely managed
servers, subnets or networks into different policy domains using IP addresses/masks providing a
second level of granular protection to your network.