Fortinet FortiDDoS Review

Detects/mitigates DDoS attacks at L3 to L7, with negligible false-positives

What is our primary use case?

I use FortiDDoS in an internet datacentre with multiple upstreams to protect my infrastructure and customers from current and future DDoS attacks.

How has it helped my organization?

Compared to other DDoS mitigation solutions with similar deployment, FortiDDoS does not require 24x7 NOC. It has lower TCO.

What is most valuable?

  • Detects and mitigates DDoS attacks at L3 to L7 - DDoS attacks are not only ICMP (L3) and UDP (L4).
  • Protection from Zero-day DDoS attacks - I don’t have to worry whether my current solution is relevant in the future.
  • Negligible to zero false-positives - With a high rate of false-positives I would have to have a 24x7 NOC, which would increase TCO and decrease customer confidence.
  • Ability to detect and mitigate DDoS attacks while allowing legitimate traffic from the same source IP.
  • Does not rely only/mainly on signatures, because a signature-based DDoS solution cannot detect many DDoS packets; and worse, signatures are the cause of false-positives.
  • Purpose-built CPU.
  • Generates and sends reports without the need for an expensive third-party solution - Such solutions for generating and sending reports would increase TCO.

What needs improvement?

Multiple subnets can be created in one SPP Policy. Multiple subnets can be selected in one report configuration. One report configuration can have multiple schedules. All those thresholds that need to be configured should be included in the default so that the user will not forget or misconfigure them.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.