DoS protection profiles and DoS protection policy rules
combine to protect specific areas of your network against packet
flood attacks and to protect individual resources against session
DoS protection profiles set the protection thresholds to provide DoS Protection Against Flooding of New Sessions for
IP floods (connections-per-second limits), to provide resource protection (maximum
concurrent session limits for specified endpoints and resources),
and to configure whether the profile applies to aggregate or classified
traffic. DoS protection policy rules control where to apply DoS
protection and what action to take when traffic matches the criteria
defined in the rule.
Unlike a zone protection profile, which protects only the ingress
zone, DoS protection profiles and policy rules can protect specific
resources inside a zone and traffic flowing between different endpoints
and areas. Also unlike a zone protection profile, which supports
only aggregate traffic, you can configure aggregate or classified
DoS protection profiles and policy rules.