config fp-anomaly-v6
fp-anomaly-v6 Configure how the NP6 processor does IPv6 traffic anomaly protection. You can configure the NP6 pro- cessor to allow or drop the packets associated with an attack or forward the packets that are associated with the attack to FortiOS (called “trap-to-host”). Selecting “trap-to-host” turns off NP6 anomaly pro- tection for that anomaly. If you require anomaly pro- tection you can enable it with a DoS policy.
ipv6-daddr_err {allow |
drop | trap-to-host}
Detects destination address as unspecified or loop- back address anomalies.
trap-to-host
ipv6-land {allow | drop |
trap-to-host}
ipv6-optendpid {allow |
drop | trap-to-host}
Detects IPv6 land anomalies trap-to-host
Detects end point identification anomalies. trap-to-host
ipv6-opthomeaddr {allow |
drop | trap-to-host}
Detects home address option anomalies. trap-to-host
Command Description Default
ipv6-optinvld {allow |
drop | trap-to-host}
Detects invalid option anomalies. trap-to-host
ipv6-optjumbo {allow |
drop | trap-to-host}
Detects jumbo options anomalies. trap-to-host
ipv6-optnsap {allow |
drop | trap-to-host}
Detects network service access point address option anomalies.
trap-to-host
ipv6-optralert {allow |
drop | trap-to-host}
ipv6-opttunnel {allow |
drop | trap-to-host}
Detects router alert option anomalies. trap-to-host
Detects tunnel encapsulation limit option anomalies. trap-to-host
ipv6-proto-err {allow |
drop | trap-to-host}
ipv6-saddr_err {allow |
drop | trap-to-host}
Detects layer 4 invalid protocol anomalies. trap-to-host
Detects source address as multicast anomalies. trap-to-host
ipv6-unknopt {allow |
drop | trap-to-host}
Detects unknown option anomalies. trap-to-host