DoS Protection Profiles and Policy Rules

DoS protection profiles and DoS protection policy rules combine to protect specific areas of your network against packet flood attacks and to protect individual resources against session floods.
DoS protection profiles set the protection thresholds to provide DoS Protection Against Flooding of New Sessions for IP floods (connections-per-second limits), to provide resource protection (maximum concurrent session limits for specified endpoints and resources), and to configure whether the profile applies to aggregate or classified traffic. DoS protection policy rules control where to apply DoS protection and what action to take when traffic matches the criteria defined in the rule.
Unlike a zone protection profile, which protects only the ingress zone, DoS protection profiles and policy rules can protect specific resources inside a zone and traffic flowing between different endpoints and areas. Also unlike a zone protection profile, which supports only aggregate traffic, you can configure aggregate or classified DoS protection profiles and policy rules.

Related Documentation