¶ Thresholds configuration
¶ Description:
¶ What does it represent in the system?
Threshold is a fundamental part of anti-DDoS, because through it, the system has what it needs to see if an IP is being attacked or not. By associating Prefixes with Threshold, we have the limit of how much each IP can reach in its traffic, either in Mbps or PPS, in its total and in its TCP, UDP and ICMP protocols. As soon as an IP has any rule of that out of date, the system starts to analyze it as an attack.
¶ Creation:
To register your Threshold just go to the specific screen:
And click Add Threshold:
After that, simply name it and configure the rules for each field.
¶ Setup:
To determine the rules, it is recommended to start from the Total Megabits per second that the associated IPs can reach and from that value convert the Total Packets per second and traffic per protocol.
Below is an example of a Threshold configured for IPs that reach a maximum of 1000 Mbps:
For example, for the number of Packets per Second, a conversion site can be used initially, but as the traffic is read on the anti-DDoS and anomalies are detected or are not detected, the improvement is made to these rules.