DoS Protection Profiles and Policy Rules
Protect groups of similar resources and critical individual
resources against session floods.
DoS Protection profiles and DoS Protection policy rules
combine to protect specific groups of critical resources and individual
critical resources against session floods. Compared to Zone Protection
profiles, which protect entire zones from flood attacks, DoS protection
provides granular defense for specific systems, especially critical
systems that users access from the internet and are often attack
targets, such as web servers and database servers. Apply both types
of protection because if you only apply a Zone Protection profile,
then a DoS attack that targets a particular system in the zone can
succeed if the total connections-per-second (CPS) doesn’t exceed
the zone’s Activate and Maximum rates.
DoS Protection is resource-intensive, so use it only for critical
systems. Similar to Zone Protection profiles, DoS Protection profiles specify
flood thresholds. DoS Protection policy rules determine the devices,
users, zones, and services to which DoS Profiles apply.