OPNsense Forum

English Forums => General Discussion => Topic started by: penley on October 07, 2016, 03:57:47 pm

Title: DDOS protection
Post by: penley on October 07, 2016, 03:57:47 pm

Does OPNsense by default have dos and ddos prevention or is this something that needs to be configured?
We're not experiencing any issues at the moment, I'm just asking for clarification.

Kind regards,
penley

Title: Re: DDOS protection
Post by: fabian on October 07, 2016, 07:16:39 pm

As far as I know no appliance can do that for you because the problem of a DDoS usually is the limited bandwidth of your WAN connection.
OPNsense can use the synproxy state to protect against SYN floods, which can be enabled in the rules (advanced option).

Title: Re: DDOS protection
Post by: franco on October 10, 2016, 11:34:17 pm

Hi penley,

If the firewall machine is powerful enough to protect your internal assets the synproxy is good enough. So if you did not have one before that might work. If the traffic is too high, you need other kinds of mitigation, but it also depends on the type of attack.


Cheers,
Franco