You configure Packet Buffer Protection settings globally and then apply them per ingress zone. When the firewall detects high buffer utilization, it monitors and takes action only against sessions from zones that have packet buffer protection enabled. Therefore, if the abusive session comes from a zone without packet buffer protection, the high packet buffer utilization continues. Packet buffer protection can be applied to a zone, but it is not active until the global settings are configured and enabled.
Configure the global session thresholds.
Edit the Session Settings and select the Packet Buffer Protection check box to enable and configure the packet buffer protection thresholds. Enter a value for each threshold and timer to define the packet buffer protection behavior.
When packet buffer utilization exceeds this threshold for more than 10 seconds, the firewall creates a log event every minute. The firewall generates these log events whenever packet buffer protection is enabled globally. The default threshold is 50% and the range is 0% to 99%. If the value is 0%, the firewall does not create a log event.
When packet buffer utilization exceeds this threshold, the firewall applies RED (Random Early Drop) to abusive sessions. The default threshold is 50% and the range is 0% to 99%. If the value is 0%, the firewall does not apply RED.
The firewall records alert events in the System log, and records events for dropped traffic, discarded sessions, and blocked IP addresses in the Threat log.
Block Hold Time (sec): The amount of time a RED-mitigated session is allowed to continue before the firewall discards it. By default, the block hold time is 60 seconds. The range is 0 to 65,535 seconds. If the value is 0, the firewall does not discard sessions based on packet buffer protection.
Block Duration (sec): How long a session remains discarded or an IP address remains blocked. The default is 3,600 seconds; the range is 1 to 15,999,999 seconds.
Enable packet buffer protection on an ingress zone.
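The following is an added model of the decision logic described above; it is constructed for this page and is not Palo Alto Networks code. It validates a global configuration against the documented ranges and answers, for a given buffer utilization and ingress zone, which actions the firewall takes, including the cases where a 0 value disables a step, where the zone is unprotected, and where the zone setting is inert because the global setting is off. The class, function and field names are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class PacketBufferProtection:
    """Global Packet Buffer Protection settings (names are illustrative)."""
    enabled: bool = False        # zone setting is inert until this is on
    alert_percent: int = 50      # 0 disables log events; range 0-99
    activate_percent: int = 50   # 0 disables RED; range 0-99
    block_hold_time: int = 60    # 0 disables discarding; range 0-65535 s
    block_duration: int = 3600   # discard/block lifetime; range 1-15999999 s

    def validate(self):
        """Return the list of range violations; an empty list means valid."""
        ranges = {
            "alert_percent": (0, 99),
            "activate_percent": (0, 99),
            "block_hold_time": (0, 65535),
            "block_duration": (1, 15_999_999),
        }
        return [f"{name} out of range {lo}-{hi}"
                for name, (lo, hi) in ranges.items()
                if not lo <= getattr(self, name) <= hi]


def evaluate(cfg, zone_protected, utilization, seconds_over_alert,
             seconds_mitigated):
    """Return the set of actions for one session from an ingress zone.

    'log'     - utilization above the alert threshold for more than 10 s
    'red'     - utilization above the activate threshold, zone protected
    'discard' - RED-mitigated session has outlived the block hold time
    """
    actions = set()
    if not cfg.enabled:          # nothing happens until enabled globally
        return actions
    # Alert logging is a global behaviour, independent of the zone setting.
    if (cfg.alert_percent > 0 and utilization > cfg.alert_percent
            and seconds_over_alert > 10):
        actions.add("log")
    # Only sessions from zones with protection enabled are acted on.
    if not zone_protected:
        return actions
    if cfg.activate_percent > 0 and utilization > cfg.activate_percent:
        actions.add("red")
        if cfg.block_hold_time > 0 and seconds_mitigated > cfg.block_hold_time:
            actions.add("discard")
    return actions
```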