DOS & DDOS Prevention, Mitigation

Preface

Since R80.20 DOS/DDOS Prevention changed in Check Point.
The following is a summary how you can setup and mitigate DOS & DDOS attacks.

SYN Defender since R80.20

Important changes in IPS "SYN Attack" (SYN Defender) protection for R80.20 and above

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk120476

How to configure Rate Limiting rules for DoS Mitigation (R80.20 and newer)

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk112454

Mitigation

How to configure Security Gateway to detect and prevent port scan

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk110873&partition=Advanced&product=Security

How to create and view Suspicious Activity Monitoring (SAM) Rules

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk112061

Best practice

sam_alert -t 120 -I -src


Revision #4
Created 21 October 2020 14:45:29
Updated 21 October 2020 15:53:38