Manual Chapter :
Managing Device DoS Configurations in Shared
Security
Applies To:
Show VersionsBIG-IQ Centralized Management
- 7.1.0
Managing Device DoS Configurations in Shared
Security
About device DoS configurations
You use the Device DoS Configurations screens to manage the device DoS
configuration on the BIG-IP devices.
- To review or edit a BIG-IP device DoS configuration, click the name of the BIG-IP device for that DoS configuration.
- To enable Device DoS logging and create the needed configuration objects, click the check box to the left of the devices and clickConfigure DoS Logging. Once you enable and deploy this feature, the BIG-IP devices send DoS logging events to Data Collection Devices which can then be viewed on the BIG-IQ Centralized Management system. You view these events using the screens.
- To disable DoS logging, click the check box to the left of the devices and clickDisable DoS Logging.
- To copy a DoS configuration from one BIG-IP device to another, click the check box to the left of the device to copy from and clickCopy. Then, in the Copy Device DoS Configuration dialog box, select the devices to which the configuration should be copied.The BIG-IP device versions must be the same for the device being copied from and the one or more devices to which the configuration are being copied.
Edit device DoS configurations
You can view and edit device DoS configuration properties using the Device DoS
Configuration Properties screen to better protect your systems against DoS
attacks.
- Click.
- In the Device DoS Configurations screen, click the name of the device configuration to view or edit.
- From theLog Publisherlist, specify whether to use a log publisher, and if so, which one.
- Below theLog Publisherlist, there might be a threshold field, depending on the version of BIG-IP device you are managing.
- If you are managing a BIG-IP device version earlier than version 12.1, there is no threshold field.
- If you are managing a BIG-IP device version 12.1.x, you can use theAuto Threshold Sensitivityfield to select a sensitivity value between 1 - 100.
- If you are managing a BIG-IP device version 13.0.x or later, you can use theThreshold Sensitivityfield to select the sensitivity.
- In the Network Security Dynamic Signatures area, select the settings for dynamic signatures. This setting is available only for BIG-IP devices version 13.0 or later.
- Specify theEnforcementsetting for Network Security dynamic signatures.
- To enable enforcement of dynamic DoS vectors, selectEnabled. When enforcement is enabled, all thresholds and threshold actions are applied. Enabling enforcement displays additional options.
- To apply no action or thresholds to dynamic vectors, selectDisabled.
- To track dynamic vector statistics, without enforcing any thresholds or limits, selectLearn-Only.
- Specify theMitigation Sensitivityfor dynamic signatures.
- In theRedirection/Scrubbingsetting, select whether to enable redirection and scrubbing of IP addresses identified by dynamic vectors. This enables handling of the dynamic vector hits by an IP intelligence category. Enabling redirection and scrubbing displays additional options.
- In theScrubbing Categorysetting, select the IP intelligence blacklist category to which scrubbed IP addresses are sent.
- In theScrubbing Advertisement Timesetting, type the duration in seconds for which an IP address is added to the blacklist category.
- In the DNS Security Dynamic Signatures area, select the settings for DNS Security dynamic signatures. This setting is available only for BIG-IP devices version 13.0 or later.
- Specify theEnforcementsetting for dynamic signatures.
- To enable enforcement of dynamic DoS vectors, selectEnabled. When enforcement is enabled, all thresholds and threshold actions are applied. Enabling enforcement displays additional options.
- To apply no action or thresholds to dynamic vectors, selectDisabled.
- To track dynamic vector statistics, without enforcing any thresholds or limits, selectLearn-Only.
- Specify theMitigation Sensitivityfor dynamic signatures.
- In the Attack Types Category area, click the category row to expand it so you can view or modify attack types within the category.
- In the Attack Types list, click the name of an attack type to modify its properties. Note that some properties are read-only.
- When you are finished modifying an attack type, clickOKto save your changes to that attack type.
- When you are finished modifying all attack types for the BIG-IP device, save your changes.
- When you are finished modifying all attack types for the BIG-IP device, save your changes.
Copy device DoS configurations
You enable device DoS event logging using the the devices displayed in the list. When enabled, you can view these device DoS events using the
screens.- Click.The Device DoS Configurations screen opens.
- To copy a DoS configuration from one BIG-IP device to another, click the check box to the left of the device to copy from and clickCopy.The Copy Device DoS Configuration dialog box opens.
- In the dialog box, select the devices to which the configuration should be copied and clickOK.The BIG-IP device versions must be the same for the device being copied from and the one or more devices to which the configuration is being copied.
The device DoS configuration is copied to the one or more other devices.
Configure device DoS event logging
You enable device DoS event logging using the the devices displayed in the list. When enabled, you can view these device DoS events using the
screens.- Click.The Device DoS Configurations screen opens.
- To enable logging of device DoS events, click the check box next to the device to configure, and clickConfigure DoS Logging.To disable logging of device DoS events, click the check box next to the device to configure, and clickDisable DoS Logging.
The DoS Logging Configuration dialog box opens so that you can begin the configuration process.
Review the information about the configuration process before continuing. This is described in the
Monitoring DoS events
topics in F5 BIG-IQ Centralized Management: Monitoring and
Reporting
on support.f5.com
.