Discard a Session Without a Commit
Perform this task to permanently discard a session, such as a session that is overloading the packet buffer. No commit is required; the session is discarded immediately after executing the command. The commands apply to both offloaded and non-offloaded sessions.
- In the CLI, execute the following operational
command on any hardware model:
admin@PA-7050> request session-discard [timeout <seconds>] [reason <reason-string>] id <session-id>The default timeout is 3,600 seconds.
- Verify that sessions have been discarded.
admin@PA-7050> show session all filter state discard
Identify Sessions That Use an Excessive Percentage of the Packet Buffer
Identify Sessions That Use an Excessive Percentage of the Packet Buffer When a firewall exhibits signs of resource depletion, it might be experiencing an attack ...
Configure Packet Buffer Protection
Configure Packet Buffer Protection You configure Packet Buffer Protection settings globally and then apply them per ingress zone. When the firewall detects high buffer utilization, ...
Configure Session Timeouts
Configure Session Timeouts A session timeout defines the duration of time for which PAN-OS maintains a session on the firewall after inactivity in the session. ...
Session Timeouts A session timeout defines the duration for which PAN-OS maintains a session on the firewall after inactivity in the session. By default, when ...
DoS Protection Against Flooding of New Sessions
DoS Protection Against Flooding of New Sessions DoS protection against flooding of new sessions is beneficial against high-volume single-session and multiple-session attacks. In a single-session ...
Disable Hardware Offload
Disable Hardware Offload Packet captures for traffic passing through the network data ports on a Palo Alto Networks firewall are performed by the dataplane CPU. ...