Manual Chapter : Managing Device DoS Configurations in Shared Security

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 5.4.0
Manual Chapter

About device DoS configurations

You use the Device DoS Configurations screen to manage the device DoS configuration on the BIG-IP® devices.

To review or edit a device DoS configuration, click the name of the BIG-IP device.

Edit device DoS configurations

You can view and edit device DoS configuration properties using the Device DoS Configuration Properties screen to better protect your systems against DoS attacks.

  1. Click Configuration > SECURITY > Shared Security > DoS Protection > Device DoS Configurations .
  2. In the Device DoS Configurations screen, click the name of the device configuration to view or edit.
  3. From the Log Publisher list, specify whether to use a log publisher, and if so, which one.
  4. Below the Log Publisher list, there might be a threshold field, depending on the version of BIG-IP® device you are managing.
    • If you are managing a BIG-IP device version earlier than version 12.1, there is no threshold field.
    • If you are managing a BIG-IP device version 12.1.x, you can use the Auto Threshold Sensitivity field to select a sensitivity value between 1 - 100.
    • If you are managing a BIG-IP device version 13.0.x or later, you can use the Threshold Sensitivity field to select the sensitivity.
  5. In the Enforcement setting, specify the enforcement state for dynamic signatures.
    This setting is only available for BIG-IP devices version 13.0 or later.
    • To enable enforcement of dynamic DoS vectors, select Enabled. When enforcement is enabled, all thresholds and threshold actions are applied. Enabling enforcement causes additional options to be displayed.
    • To apply no action or thresholds to dynamic vectors, select Disabled.
    • To track dynamic vector statistics, without enforcing any thresholds or limits, select Learn-Only.
  6. In the Mitigation Sensitivity setting, specify the mitigation sensitivity for dynamic signatures.
  7. In the Redirection/Scrubbing setting, specify whether to enable redirection and scrubbing of IP addresses identified by dynamic vectors.
    This enables handling of the dynamic vector hits by an IP intelligence category. Enabling redirection and scrubbing causes additional options to be displayed.
  8. In the Scrubbing Category setting, select the IP intelligence blacklist category to which scrubbed IP addresses are sent.
  9. In the Scrubbing Advertisement Time setting, type the duration in seconds for which an IP address is added to the blacklist category.
  10. In the Category area, click the triangle to the left of a category to expand the category, and view or modify attack types within the category.
  11. In the Attack Type list, click the name of an attack type to modify its properties.
    Some properties are read-only.
  12. When you are finished modifying an attack type, click OK to save your changes to that attack type.
  13. When you are finished modifying all attack types for the BIG-IP device, save your changes.