DOS protection in F5

Question

Dear All, &nbsp;
Can anyone tell me the calculation behind ASM DOS protection .&nbsp;
Does the DOS policy learns some baselines during the ERP period based on the calculation? Please guide.&nbsp;
I have kept the DOS policy in block mode and it blocks even when the connection count is within 10 from individual IP's&nbsp;
The default configuration values in F5 DOS policy are &nbsp;
IP detection criteria 
TPS increased by - 500 ;
TPS reached - 200 ;
Minimum TPS Threshold for detection - 40 .&nbsp;
Prevention policy 
Client side Integrity defense&nbsp;
Source IP-Based
Geolocation-Based,
URL-Based,
Site-wide.&nbsp;

chris_grant · Answer

I can shed some light on the baselines.  We don't start caring about how many transactions are happening until you've reached 40 transactions per second (to prevent baselining at no connections and erroneously blocking legitimate traffic).  We won't take any action unless you have at least 200 transactions per second coming in, and we won't trigger unless the traffic coming in has increased by 500 transactions per second.&nbsp;
If you mean that you have IPs being blocked at 10 transactions per second, then I would recommend opening a case with support.&nbsp;

Forum Discussion

DOS protection in F5

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

L7 DoS Protection with NGINX App Protect DoS

Demonstration of Device DoS and Per-Service DoS protection

The End of ClientAuth EKU…Oh Mercy…What to do?

Runtime API Security: From Visibility to Enforced Protection

Cookie-based DDoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS