Policies > DoS Protection
A DoS Protection policy allows you to protect individual
critical resources against DoS attacks by specifying whether to
deny or allow packets that match a source interface, zone, address
or user and/or a destination interface, zone, or user.
Alternatively, you can choose the Protect action and specify
a
DoS profile where you
set the thresholds (sessions or packets per second) that trigger
an alarm, activate a protective action, and indicate the maximum
rate above which all new connections are dropped. Thus, you can
control the number of sessions between interfaces, zones, addresses,
and countries based on aggregate sessions or source and/or destination
IP addresses. For example, you can control traffic to and from certain
addresses or address groups, or from certain users and for certain
services.
The firewall enforces DoS Protection policy rules before Security
policy rules to ensure the firewall uses its resources in the most
efficient manner. If a DoS Protection policy rule denies a packet,
that packet never reaches a Security policy rule.
The following tables describe the DoS Protection policy settings:
Looking for more?