How to mitigate DoS and DDoS Attacks towards SMA Appliances
Description
This article explains some of the configuration steps you may take to reduce the impact of DoS and DDoS attacks towards the SMA appliance.
Please note that these types of attacks may vary and this guide is intended to provide just some common steps to reduce the attack surface.
CAUTION: It’s very important that a firewall is placed in front of the SMA appliance and act as a filter for such attacks as recommended in our deployment guides.
Resolution
Below a few basic steps to protect SMA using WAF policy/rules.
- Create Rule Chains:
- Locking AD account by unknown user brute force: Enable the following option on the SMA to only allow the login of the listed user.
- Virtual Office Portals: if the attacker is trying to flood with requests on each domain with the same unknown user, we recommend to hide the domain list on the portal login page, so the attackers cannot fetch the available domains on the appliance therefore reducing the attack surface and success rate
Other possible steps:
- Check the source IP of the attack and manually add it in the botnet policy to deny it.
- Use the upstream firewall as a filter to reduce the amount of unsolicited/unwanted requests arriving to the SMA. If the upstream device is a SonicWall firewall, here some articles that can help configuring it to mitigate DDoS attacks:
- How can I configure the SonicWall to mitigate DDoS attacks? | SonicWall
- Video: How to Configure DoS and Flood Protection on a SonicWall SonicOS 7 Firewall (youtube.com)
- How to configure SonicWall Geo-IP Filter using Firewall Access Rules.
- How to Configure Botnet Filtering with Firewall Access Rules | SonicWall
If you still have any other behaviors or symptoms, please share more details along with TSR for further review.
1. Online: Visit mysonicwall.com. Once logged in select Resources & Support | Support | Create Case.
2. By phone: please use our toll-free number at 1-888-793-2830. Please have your SonicWall serial number available to create a new support case.
If you do not have a mysonicwall.com account create one for free!