Zone protection defends zones from flooding, reconnaissance,
packet-based, and protocol-based attacks with zone protection profiles,
and from targeted flooding and resource attacks with denial-of-service
(DoS) protection profiles and Dos protection policy rules, to complement
next-generation firewall features such as App-ID and User-ID. A
DoS attack overloads the network with large amounts of unwanted
traffic an attempt to disrupt network services.
Unlike security policy rules, there are no default zone protection
profiles or DoS protection profiles and DoS protection policy rules.
You configure and apply zone protection based on the way you segment
your network into zones and on what you want to protect in each