Block DDoS attack detected by DDoS Protector
This topic describes the automated blocking of attackers detected by DDoS Protector and outlines supported products, parameters, trigger conditions, and flow information. It includes details about configuration options and automation behavior.
Supported Product
Check Point Security Management Server (Quantum)
Check Point Quantum DDoS Protector
The automation blocks attackers across the organization and is triggered by attacks that are detected by DDoS Protector. The notification includes information on the attack and the attacker. More parameters can be set using the automation parameters such as the block duration, whether the block is automatic or upon administrator' approval, and so on.
Parameters
|
IP block duration |
Select the expiration period for the blocked IPs. The default duration is 1 day. |
|
Admin's approval is required for blocking DDoS attackers |
Select the checkbox if you want administrator's approval to execute the automation. Tip:
Check Point recommends that you leave Admin's approval is required for blocking DDoS attackers checkbox unselected. |
Trigger
Attack identified by Quantum DDoS Protector.
To view the example of this log, click Run.
Flow