Explanation of F5 DDoS threshold modes
Dear Reader, in my article “Concept of Device DOS and DOS profile”, I recommended using the “Fully Automatic” or “Multiplier” based configuration option for some DOS vectors. In this article I would...
Published Feb 12, 2020
Version 1.0
Sven_Mueller
Ret. Employee
Joined February 03, 2011
Max_P
Jan 26, 2023
Nimbostratus
Hi Sven,
First of all, thanks again for your reply in the other post.
I have a question regarding the "Detection Threshold %" of the fully manual mode.
I've been trying to get an alert with this threshold on a protected object, but without much success. I've configured the detection eps and mitigation eps to a very high value above 40k to make sure that I didn't get an alert and no mitigation occurred with these two thresholds, generated a baseline of 160 eps for about 4 hours, and kept it running while I generated an attack of around 20k eps and left the "Detection Threshold %" at 200, but never got the alert.
The vector I tested was SYN Flood with only the thresholds configured, no bad actor enabled.
Am I missing something here?
Thanks in advance.
Maxi