Fortinet 5.0 Patch 6

Fortinet 491 FortiWeb 5.0 Patch 6 Administration Guide

Persistent Server

Sessions

Type the maximum number of concurrent TCP connections that will

be maintained by this policy to back-end servers.

The maximum number of HTTP sessions established with each server

depends on this field, and whether you have selected a single web

server or a Server Farm and Load Balancing Algorithm.

For example, if you set the value of Persistent Server Sessions to

10,000 and there are 4 web servers in a server farm that uses Round

Robin-style load-balancing, up to 10,000 client connections would be

accepted, resulting in up to 2,500 HTTP sessions evenly distributed

to each of the 4 web servers.

The default value varies. Each model of FortiWeb appliance has a

maximum allowed number of persistent sessions. The Edit Policy

dialog lists the minimum and maximum for your FortiWeb model next

to this field. For specifications, see “Appendix B: Maximum

configuration values” on page 669.

Tip: You can configure logging and/or alert email to notify you when

the appliance approaches its maximum. See the logging option

Persistent Server Session.

Blocking Port Select which network interface will be used to send TCP RST

(connection reset) packets in order to attempt to block the

request/connection when policy-violating traffic is detected. For

details on blocking behavior, see “Topology for offline protection

mode” on page 67.

This option appears only if the FortiWeb appliance is operating in

offline protection mode.

Syn Cookie Enable to prevent TCP SYN floods. Also configure Half Open

Threshold.

Note: This option is applicable only if the appliance is operating in

true transparent proxy mode. (Other modes use DoS protection

profiles instead. See “Preventing a TCP SYN flood” on page 354.)

Half Open

Threshold

Type the TCP SYN cookie threshold in packets per second. Also

configure Syn Cookie.

Note: This option is applicable only if the appliance is operating in

true transparent proxy mode. (Other modes use DoS protection

profiles instead. See “Preventing a TCP SYN flood” on page 354.)

HTTP Service Select the custom or predefined service that defines the TCP port

number where the virtual server or bridge receives HTTP traffic.

This option does not apply to either of the transparent modes.

Physical Server

Port

(under HTTP

Service)

Type the TCP port number where the physical/domain server listens

for HTTP web or web services connections. The valid range is from 0

to 65,535.

This option appears only if Deployment Mode is Single Server.

Setting name Description