Policies > DoS Protection

A DoS Protection policy allows you to protect against DoS attacks by specifying whether to deny or allow packets that match a source interface, zone, address or user and/or a destination interface, zone, or user.
Alternatively, you can choose the Protect action and specify a DoS profile where you set the thresholds (sessions or packets per second) that trigger an alarm, activate a protective action, and indicate the maximum rate above which packets are dropped. Thus, you can control the number of sessions between interfaces, zones, addresses, and countries based on aggregate sessions or source and/or destination IP addresses. For example, you can control traffic to and from certain addresses or address groups, or from certain users and for certain services.
The firewall enforces DoS Protection policy rules before Security policy rules to ensure the firewall uses its resources in the most efficient manner. If a DoS Protection policy rule denies a packet, that packet never reaches a Security policy rule.
The following tables describe the DoS Protection policy settings:
Looking for more?

Related Documentation