DoS Protection Policy Rules
DoS protection policy rules provide granular matching criteria so that you have flexibility in defining what you want to protect:
- Source zone or interface
- Destination zone or interface
- Source IP addresses and address ranges, address group objects, and countries
- Destination IP addresses and address ranges, address group objects, and countries
- Services (by port and protocol)
The flexible matching criteria enable you to protect entire zones or subnets, a single server, or anything in between. When traffic matches a DoS protection policy rule, the firewall takes one of three actions:
- Deny—The firewall denies access and doesn’t apply a DoS protection profile. Denying essentially blacklists traffic that matches the rule.
- Allow—The firewall permits access and doesn’t apply a DoS protection profile. Allowing essentially whitelists traffic that matches the rule.
- Protect—The firewall applies the specified DoS protection profile or profiles. A DoS protection policy rule can have one aggregate DoS protection profile and one classified DoS protection profile. Incoming packets count against both DoS protection profiles if the they match the rule. The Protect action protects against floods by applying the thresholds set in the DoS protection profile or profiles to traffic that matches the rule.
The firewall only applies DoS protection profiles if the Action is Protect. If the DoS protection policy rule’s Action is Protect, specify the appropriate aggregate and/or classified DoS protection profile in the rule so that the firewall applies the DoS protection profile to traffic that matches the rule.
You can attach both an aggregate and a classified DoS protection profile to a DoS protection policy rule. The firewall checks and enforces the aggregate rate limits before it checks the classified rate limits, so if the match criteria matches both profiles, the thresholds in the aggregate profile are used first.
DoS Protection Profiles and Policy Rules
DoS Protection Profiles and Policy Rules DoS protection profiles and DoS protection policy rules combine to protect specific areas of your network against packet flood ...
DoS Protection Profiles
DoS Protection Profiles When you create DoS protection policy rules, you apply DoS protection profiles to the policy rules if the rules have an action ...
DoS Protection Option/Protection Tab
DoS Protection Option/Protection Tab Select the Option/Protection tab to configure options for the DoS Protection policy rule, such as the type of service (http or ...
Zone Defense Tools
Zone Defense Tools Palo Alto Networks firewalls provide three complementary tools to protect the zones in your network: Zone protection profiles defend the zone at ...
Policies > DoS Protection
Policies > DoS Protection A DoS Protection policy allows you to protect against DoS attacks by specifying whether to deny or allow packets that match ...
Objects > Security Profiles > DoS Protection
Objects > Security Profiles > DoS Protection DoS Protection profiles are designed for high-precision targeting and they augment Zone Protection profiles. A DoS Protection profile ...
Multiple-Session DoS Attack
Multiple-Session DoS Attack Configure DoS Protection Against Flooding of New Sessions by configuring a DoS Protection policy rule, which determines the criteria that, when matched ...
Apply Policies to the VM-Series Firewall
Apply Security Policies to the VM-Series Firewall Now that you have created the steering rules on Panorama and pushed them to the NSX Manager, you ...
Monitor > Block IP List
Monitor > Block IP List You can configure the firewall to place IP addresses on the block list in several ways, including the following: Configure ...