Security Profile: DoS Protection Profile
DoS Protection profiles provide detailed control for Denial of Service (DoS) protection
security rules.
Where Can I Use This? | What Do I Need? |
NGFW (Cloud Managed) NGFW (PAN-OS & Panorama Managed)
|
Check for any license or role requirements for the products you're
using. |
DoS Protection profiles provide detailed control for Denial of Service (DoS) protection security rules. DoS security rules allow you to control the number of sessions between interfaces,
zones, addresses, and countries based on aggregate sessions or source and/or destination
IP addresses. There are two DoS protection mechanisms that Palo Alto Networks
supports.
Flood Protection
—Detects and prevents
attacks where the network is flooded with packets resulting in too
many half-open sessions and/or services being unable to respond
to each request. In this case the source address of the attack is
usually spoofed.
Resource Protection
— Detects and prevent session exhaustion attacks. In
this type of attack, a large number of hosts (bots) are used to establish as
many fully established sessions as possible to consume all of a system’s
resources.
You can enable both types of protection mechanisms in a single DoS Protection profile.
The DoS profile is used to specify the type of action to take and details on matching criteria
for the DoS policy. The DoS profile defines settings for SYN, UDP, and ICMP floods, can
enable resource protection and defines the maximum number of concurrent connections.
After you configure the DoS Protection profile, you then attach it to a DoS policy.
When configuring DoS protection, it's important to analyze your environment to set the correct
thresholds. See
DoS Protection Profiles to learn more.
Configure a DoS Protection Profile
