Applies To: BIG-IQ Centralized Management
Monitoring Ongoing DDoS Attacks
Identifying protected objects under DDoS attack
- Edit the DoS profile that corresponds with the protected object(s).
- Assign a different DoS profile to your virtual server or Netflow protected server.
- Assign a different DoS profile to an application template.
Identify the status of applications and virtual servers under DDoS attack
- Go to.
- Click PROTECTED OBJECTS in the summary bar at the top of the screen. This displays all the applications and virtual servers with DDoS protection.
- To view only those objects that are under attack, filter the object list by selecting the Filter Under Attack box found in the PROTECTED OBJECTS area in the summary bar.
- Note the health of your objects from the Status column.
Edit the DoS profile of objects under attack
- A BIG-IQ data collection device configured for the BIG-IQ device
- The BIG-IP device located in your network and running a compatible software version
- Statistics collection enabled for managed BIG-IP devices
- AVR provisioned on your BIG-IP devices
- Go to.
- Click the PROTECTED OBJECTS area in the summary bar at the top of the screen. The screen displays details of all protected objects, including the object's health status, number of attacks detected, protection mode, and host BIG-IP device.
- To display only the protected objects that are currently under attack, click Filter Under Attack.
- In the PROTECTED OBJECTS area, click Critical, Moderate, or Good to filter objects according to their current health status. To view information about the specific attacks affecting your objects, see Monitoring ongoing DDoS attacks and filter your search by the protected object's name.
- From the filtered list of protected objects under attack, note the protection mode, which is marked to the left of the DDoS Profile column. If your object is under Monitoring, or Transparent, protection, the DoS profile is only recording the detected DoS attacks, and does not apply mitigation or prevention measures.
- From the DDoS Profile column, click the DoS profile's name. The screen displays the DoS profile's properties and protection settings.
Edit a virtual server's protection in shared security
- Go to.
- From the All Types list at the upper left of the screen, select Virtual Server. You can use the other lists to further filter the displayed objects. Additional objects include options to filter an object based on attack status, protection profiles under shared security, and additional policies.
- Click the name of the virtual server that requires changes in its protection profile.
- Use the summary area to evaluate the current security status, health, and traffic data for the selected virtual server. For details about the specific attacks, see the attack grid located at the bottom of the screen.
- Scroll to the Protection Settings area to edit the virtual server's protection profile.
- To edit the allowed Throughput Capacity (Mbps) of the virtual server (in megabits per second), type a value between 10 and 106.
- Select an option from the Protection Profile list to assign a new DoS profile.
- Select an option from the Eviction Policy list to assign a new eviction policy.
- Select an option from the IP Intelligence list to assign a new IP intelligence policy.
- Click Save & Close to save your changes.
Edit a Netflow object's protection in shared security
- Go to.
- From the All Types list at the top of the screen, select Netflow Protected Object. You can use the other lists to further filter the displayed objects. Additional objects include options to filter an object based on attack status, protection profiles under shared security, and additional policies.
- Click the name of a Netflow object that requires changes in its traffic matching criteria or capacity thresholds.
- For Traffic Matching Criteria, you can either select an existing traffic matching criteria for the Netflow object's device, or click Add to create a new traffic matching criteria. Traffic Matching Criteria must be unique per Netflow object. If a traffic matching criteria is duplicated on Netflow objects on a device, both traffic matching criteria become invalid. For more information about creating a new Traffic Matching Criteria, see Create a Netflow protected server.
- To edit the allowed capacity, edit the settings Throughput Capacity (between values 10-1010), Packet Capacity (between values 10-1010), or Connection Capacity (between values 10-106). Editing the capacity settings enables restriction past a set threshold. If you do not want a limitation on Netflow traffic, click Infinity.
- Click Save & Close.
Edit an application's shared security protection
- At the top of the screen, click Applications, then, on the left, click APPLICATION TEMPLATES. The screen lists the AS3 and service catalog templates defined on this BIG-IQ.
- Select the check box to the left of any service catalog template you want to clone.
- Click the More button, and then click Clone.
- Type a Name and click Clone. The system creates a clone of the service catalog template, which is listed under the service templates.
- Click the name of the new template.
- On the left, click SECURITY POLICIES to display all security settings for that template.
- Under the Shared Security area, you can add or edit DoS and Logging profiles to the virtual server's host device.
- Click Save & Close.
- Select the check box to the left of your new cloned template, and click Publish.