Distributed Denial of Service (DDoS) attacks are very similar to flood attacks. In a DDoS attack, many different clients and servers send connections to one computer system to try to flood the system. When a DDoS attack occurs, legitimate users cannot use the targeted system.
The default configuration of the XTM device is to block DDoS attacks. From
Per Server Quota
The Per Server Quota applies a limit to the number of connections per second from any external source to the XTM device external interface. This includes connections to internal servers allowed by a static NAT policy. The Per Server Quota is based on the number of connection requests to any one destination IP address, regardless of the source IP address. After the threshold is reached, the XTM device drops incoming connection requests from any host.
For example, when the Per Server Quota is set to the default value of 100, the XTM device drops the 101st connection request received in a one-second time frame from any external IP address. The source IP address is not added to the blocked sites list.
Per Client Quota
The Per Client Quota applies a limit to the number of outbound connections per second from any source protected by the XTM device to any destination. The Per Client Quota is based on the number of connection requests from any one source IP address, regardless of the destination IP address.
For example, when the Per Client Quota is set to the default value of 100, the XTM device drops the 101st connection request received in a one-second time frame from an IP address on the trusted or optional network to any destination IP address.
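The following added example (not XTM device code) models the two quotas to show which key each one counts on and what that means for legitimate traffic. The class and function names, the fixed one-second windows, and all IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

class QuotaModel:
    """Toy model of the two quotas; fixed one-second windows are an assumption."""

    def __init__(self, per_server=100, per_client=100):
        self.per_server, self.per_client = per_server, per_client
        self.by_dst = defaultdict(int)  # (second, destination IP) -> requests
        self.by_src = defaultdict(int)  # (second, source IP) -> requests

    def inbound(self, ts, src_ip, dst_ip):
        # Per Server Quota: counted per destination; the source IP is ignored.
        key = (int(ts), dst_ip)
        self.by_dst[key] += 1
        return "allow" if self.by_dst[key] <= self.per_server else "drop"

    def outbound(self, ts, src_ip, dst_ip):
        # Per Client Quota: counted per source; the destination IP is ignored.
        key = (int(ts), src_ip)
        self.by_src[key] += 1
        return "allow" if self.by_src[key] <= self.per_client else "drop"

def per_server_demo():
    fw, server = QuotaModel(), "203.0.113.10"  # constructed addresses
    # 150 requests in one second, each from a different external source.
    flood = [fw.inbound(5.0 + i / 1000, f"198.51.100.{i}", server)
             for i in range(150)]
    same_second = fw.inbound(5.9, "192.0.2.77", server)  # legitimate user, quota spent
    next_second = fw.inbound(6.1, "192.0.2.77", server)  # new one-second window
    return flood.count("allow"), flood.count("drop"), same_second, next_second

def per_client_demo():
    fw = QuotaModel()
    # One trusted host opens 120 connections to 120 different destinations.
    noisy = [fw.outbound(9.0, "10.0.1.50", f"203.0.113.{i}") for i in range(120)]
    neighbour = fw.outbound(9.5, "10.0.1.51", "203.0.113.1")  # different source
    return noisy.count("allow"), noisy.count("drop"), neighbour

if __name__ == "__main__":
    print(per_server_demo())
    print(per_client_demo())
```

Because the Per Server Quota ignores the source address, a legitimate request arriving in a second whose quota is already spent is dropped along with the flood, while the Per Client Quota only affects the one internal host that exceeded it.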
About Default Packet Handling Options