Configure Packet Buffer Protection Based on Latency
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Configure Packet Buffer Protection Based on Latency
Configure packet buffer protection based on latency for
traffic that is latency-sensitive.
Configure packet buffer protection
based on latency and apply it to zones that have traffic
consisting of protocols and applications that are latency-sensitive.
In PAN-OS 11.2.3 and later versions, you can configure
packet buffer protection based on latency alongside the global packet buffer protection settings.
- Select DeviceSetupSession.Edit the Session Settings section and enable Packet Buffer Protection.Enable Buffering Latency Based.Enter the Latency Alert (milliseconds) threshold above which the firewall starts generating an Alert log event every minute; range is 1 to 20,000; default is 50.Enter the Latency Activate (milliseconds) threshold above which the firewall activates random early drop (RED) on incoming packets and starts generating an Activate log every 10 seconds; range is 1 to 20,000ms; default is 200ms.Enter the Latency Max Tolerate (milliseconds) threshold above which the firewall uses RED with close to 100% drop probability; range is 1 to 20,000ms; default is 500ms.If the current latency is a value between the Latency Activate threshold and the Latency Max Tolerate threshold, the firewall calculates the RED drop probability as follows: (current latency - Latency Activate threshold) / (Latency Max Tolerate threshold - Latency Activate threshold). For example, if the current latency is 300, Latency Activate is 200, and Latency Max Tolerate is 500, then (300-200)/(500-200) = 1/3, meaning the firewall uses approximately 33% RED drop probability.Configure the Block Hold Time and Block Duration as for Packet Buffer Protection based on utilization.Click OK.Enable the second layer of protection for each zone where you want packet buffer protection based on latency.
- Select NetworkZones and select a zone.Enable Packet Buffer Protection.Commit.