Manual Chapter : Managing DoS Protection on managed devices

Applies To:

BIG-IQ Centralized Management

  • 8.3.0, 8.2.0, 8.1.0, 8.0.0

About device DoS configurations

The Device DoS Configurations screens are used to manage the DoS Protection configured on managed BIG-IP devices.

Edit device DoS configurations

You can view and edit device DoS configuration properties using the Device DoS Configuration Properties screen to better protect your systems against DoS attacks.
  1. Click Configuration > SECURITY > Shared Security > DoS Protection > Device DoS Configurations.
  2. In the Device DoS Configurations screen, click the name of the device configuration to view or edit.
  3. From the Log Publisher list, specify whether to use a log publisher, and if so, which one.
  4. Below the Log Publisher list, there might be a threshold field, depending on the version of BIG-IP device you are managing.
    • If you are managing a BIG-IP device version 12.1.x, you can use the Auto Threshold Sensitivity field to select a sensitivity value between 1 and 100.
    • If you are managing a BIG-IP device version 13.0.x or later, you can use the Threshold Sensitivity field to select the sensitivity.
  5. In the Network Security Dynamic Signatures area, select the settings for dynamic signatures. This setting is available only for BIG-IP devices version 13.0 or later.
    1. Specify the Enforcement setting for Network Security dynamic signatures.
      • To enable enforcement of dynamic DoS vectors, select Enabled. When enforcement is enabled, all thresholds and threshold actions are applied. Enabling enforcement displays additional options.
      • To apply no action or thresholds to dynamic vectors, select Disabled.
      • To track dynamic vector statistics, without enforcing any thresholds or limits, select Learn-Only.
    2. Specify the Mitigation Sensitivity for dynamic signatures.
    3. In the Redirection/Scrubbing setting, select whether to enable redirection and scrubbing of IP addresses identified by dynamic vectors. This enables handling of the dynamic vector hits by an IP intelligence category. Enabling redirection and scrubbing displays additional options.
    4. In the Scrubbing Category setting, select the IP intelligence denylist category to which scrubbed IP addresses are sent.
    5. In the Scrubbing Advertisement Time setting, type the duration in seconds for which an IP address is added to the denylist category.
  6. In the DNS Security Dynamic Signatures area, select the settings for DNS Security dynamic signatures. This setting is available only for BIG-IP devices version 13.0 or later.
    1. Specify the Enforcement setting for dynamic signatures.
      • To enable enforcement of dynamic DoS vectors, select Enabled. When enforcement is enabled, all thresholds and threshold actions are applied. Enabling enforcement displays additional options.
      • To apply no action or thresholds to dynamic vectors, select Disabled.
      • To track dynamic vector statistics, without enforcing any thresholds or limits, select Learn-Only.
    2. Specify the Mitigation Sensitivity for dynamic signatures.
  7. In the Attack Types Category area, click the category row to expand it so you can view or modify attack types within the category.
  8. In the Attack Types list, click the name of an attack type to modify its properties. Note that some properties are read-only.
  9. When you are finished modifying an attack type, click OK to save your changes to that attack type.
  10. When you are finished modifying all attack types for the BIG-IP device, save your changes.

Copy device DoS configurations

You enable device DoS event logging using the devices displayed in the list. When enabled, you can view these device DoS events using the Monitoring > DASHBOARDS > DDoS screens.
For managed devices running versions earlier than 13.1.0.5, you can only view events from Monitoring > Events > DDoS screens.
  1. Click Configuration > SECURITY > Shared Security > DoS Protection > Device DoS Configurations.
    The Device DoS Configurations screen opens.
  2. To copy a DoS configuration from one BIG-IP device to another, click the check box to the left of the device to copy from and click Copy.
    The Copy Device DoS Configuration dialog box opens.
  3. In the dialog box, select the devices to which the configuration should be copied and click OK.
    The BIG-IP device versions must be the same for the device being copied from and the one or more devices to which the configuration is being copied.
The device DoS configuration is copied to the one or more other devices.