FortiDDOS Feature HIGHLIGHTS

100% Machine Learning Detection	FortiDDoS doesn’t rely on signature files that need to be updated with the latest threats so you’re protected from both known and unknown “zero-day” attacks. No “threat-protection” subscriptions required. Saves OPEX.
Massively Parallel Architecture	Parallel architecture provides 100% packet inspection with bidirectional detection and mitigation of Layer 3, 4, and 7 DDoS attacks even at the smallest packets sizes. Get the performance you pay for.
Continuous Attack Evaluation	Minimizes the risk of “false positive” detection by reevaluating the attack to ensure that “good” traffic isn’t disrupted. Less management time needed.
Advanced DNS Protection	FortiDDoS provides 100% inspection of all DNS Query and Response traffic up to 12 million QPS, for protection from a broad range of DNS-based volumetric, application and anomaly attacks. DNS Reflection floods are stopped from the FIRST packet
Advanced NTP Protection (selected models)	FortiDDoS provides 100% inspection of all NTP Query and Response traffic up to 6 million QPS. NTP Reflection floods are stopped from the FIRST packet.
Continuous Learning	With continuous background learning and minimal configuration, FortiDDoS will automatically build normal traffic and resources behavior profiles saving you time and IT management resources.
Autonomous Mitigation	No operator intervention required for any type or size of attack.
Hybrid On-premise/Cloud Support	Open, documented API allows integration with third-party cloud DDoS mitigation providers for flexible deployment options and protection from large-scale DDoS attacks.
Fortinet Security Fabric Integration	Single-pane visibility of attack mitigation and network performance reduces management and improves response time (on selected models).
RESTful API	FortiDDoS can be integrated into almost any environment through its RESTful API
Central Manager	FortiDDoS-CM (for B-/E-Series) is available for users with multiple geographically dispersed FortiDDoS units. One management screen for all devices with single sign-on.

Access Control Lists

FortiDDoS is the ONLY product in the industry that supports large ACLs in hardware with no performance degradation.

While most DDoS attacks use spoofed source IP addresses, your existing Indicators of Compromise IP address and domain lists can be uploaded to FortiDDoS to offload other infrastructure.

IP Reputation – Fortinet FortiGuard subscription
IP/subnet Blocklist/ Allowlist
Bulk IPv4 Blocklist Customer Upload (>1million addresses)
Geolocation
Enhanced BCP38 Source Address Validation/Local Address
Anti-Spoofing (>2000 subnets) (B/E)
Protocol, UDP, TCP, and other Protocol Fragments, DNS Fragment, L4 Port, ICMP Type/Code
HTTP Methods, URLs, Hosts, Referrers, User Agents
DNS Domain Reputation – Fortinet FortiGuard subscription
(>250k Malicious Domains)
DNS Bulk Domain Blocklist Customer Upload (>500k Domains)
DNS Resource Record ACLs (256 RRs)
IPv4/v6, Protocol, TCP/UDP Port, ICMP Type-Code, TCP/UDP/Other fragment ACL
Flowspec ACL script generation

Comprehensive Reporting

Filterable/Exportable Attack Log
Summary Graphs and Logs for:
Top Attacks / Top Attackers
Top ACL Drops
Top Attacked Subnets and IP Addresses
Top Attacked Protocols
Top Attacked TCP and UDP Ports
Top Attacked ICMP Types/Codes
Top Attacked URLs, HTTP Hosts, Referers, Cookies, UserAgents
Top Attacked DNS Servers
Top Attacked DNS Anomalies
Physical Port, SPP, SPP Policy (subnet) and SPP Policy Group statistics: Mbps/pps and Drops graphing
Custom, on-demand, on-schedule and/or on-AttackThreshold reports in multiple formats
Millions of built-in reporting graphs for real-time and forensic analysis

Centralized Event Reporting