Focus

Next-Generation Firewall

DoS Protection Source Tab

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

DoS Protection General Tab

DoS Protection Destination Tab

DoS Protection Source Tab

Select the Source tab to define the source interface(s) or source zone(s), and optionally the source address(es) and source user(s) that define the incoming traffic to which the DoS policy rule applies.

Field	Description
Type	Select the type of source to which the DoS Protection policy rule applies: Interface —Apply the rule to traffic coming from the specified interface or group of interfaces. Zone—Apply the rule to traffic coming from any interface in a specified zone. Click Add to select multiple interfaces or zones.
Source Address	Select Any or Add and specify one or more source addresses to which the DoS Protection policy rule applies. (`Optional`) Select Negate to specify that the rule applies to any addresses except those specified.
Source User	Specify one or more source users to which the DoS Protection policy rule applies: any—Includes packets regardless of the source user. pre-logon—Includes packets from remote users that are connected to the network using GlobalProtect, but are not logged into their system. When pre-logon is configured on the Portal for GlobalProtect apps, any user who is not currently logged into their machine will be identified with the username pre-logon. You can then create policies for pre-logon users and although the user is not directly logged in, their machines are authenticated on the domain as if they were fully logged in. known-user—Includes all authenticated users, which means any IP address with user data mapped. This option is equivalent to the “domain users” group on a domain. unknown—Includes all unauthenticated users, which means IP addresses that are not mapped to a user. For example, you could use unknown for guest level access to something because they will have an IP address on your network, but will not be authenticated to the domain and will not have IP address-to-username mapping information on the firewall. Select—Includes users specified in this window. For example, you can select one user, a list of individuals, some groups, or manually add users. If the firewall collects user information from a RADIUS, TACACS+, or SAML identity provider server and not from the User-ID™ agent, the list of users does not display; you must enter user information manually.

DoS Protection General Tab

DoS Protection Destination Tab

Next-Generation Firewall Docs

DoS Protection Source Tab

Next-Generation Firewall Docs

DoS Protection Source Tab

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner