DoS Protection Option/Protection Tab
Select the Option/Protection tab to configure options for the DoS Protection policy rule, such as the type of service (http or https) to which the rule applies, the action to take against packets that match the rule, and whether or not to trigger a log forward for matched traffic. You can define a schedule for when the rule is active.
You can also select an aggregate DoS Protection profile and/or a classified DoS Protection profile, which determine the threshold rates that, when exceeded, cause the firewall to take protective actions, such as trigger an alarm, activate an action such as Random Early Drop, and drop packets that exceed the maximum threshold rate.
Click Add and select one or more services to which the DoS Protection policy applies. The default is Any service.
Select the action that the firewall performs on packets that match the DoS Protection policy rule:
Specify the schedule when the DoS Protection policy rule is in effect. The default setting of None indicates no schedule; the policy is always in effect.
Alternatively, select a schedule or create a new schedule to control when the DoS Protection policy rule is in effect. Enter a Name for the schedule. Select Shared to share this schedule with every virtual system on a multiple virtual system firewall. Select a Recurrence of Daily, Weekly, or Non-recurring. Add a Start Time and End Time in hours:minutes, based on a 24-hour clock.
If you want to trigger forwarding of threat log entries for matched traffic to an external service, such as to a syslog server or Panorama, select a Log Forwarding profile or click Profile to create a new one.
Only traffic that matches an action in the rule will be logged and forwarded.
Select an Aggregate DoS Protection profile that specifies the threshold rates at which the incoming connections per second trigger an alarm, activate an action, and exceed a maximum rate. All incoming connections (the aggregate) count toward the thresholds specified in an Aggregate DoS Protection profile.
An Aggregate profile setting of None means there are no threshold settings in place for the aggregate traffic. See Objects > Security Profiles > DoS Protection.
Select this option and specify the following:
If you specify a Classified DoS Protection profile, only the incoming connections that match a source IP address, destination IP address, or source and destination IP address pair count toward the thresholds specified in the profile. For example, you can specify a Classified DoS Protection profile with a Max Rate of 100 cps, and specify an Address setting of source-ip-only in the rule. The result would be a limit of 100 connections per second for that particular source IP address.
Objects > Security Profiles > DoS Protection
Objects > Security Profiles > DoS Protection DoS Protection profiles are designed for high-precision targeting and they augment Zone Protection profiles. A DoS Protection profile ...
Policies > DoS Protection
Policies > DoS Protection A DoS Protection policy allows you to protect against DoS attacks by specifying whether to deny or allow packets that match ...
DoS Protection Policy Rules
DoS Protection Policy Rules DoS protection policy rules provide granular matching criteria so that you have flexibility in defining what you want to protect: Source ...
DoS Protection Profiles
DoS Protection Profiles When you create DoS protection policy rules, you apply DoS protection profiles to the policy rules if the rules have an action ...
Protect your data center web servers and the firewall from DoS attacks to prevent attackers from taking down your data center network. ...
Configure DoS Protection Against Flooding of New Sessions
Configure DoS Protection Against Flooding of New Sessions Configure Security policy rules to deny traffic from the attacker’s IP address and allow other traffic based ...
DoS Protection Against Flooding of New Sessions
DoS Protection Against Flooding of New Sessions DoS protection against flooding of new sessions is beneficial against high-volume single-session and multiple-session attacks. In a single-session ...
DoS Protection Profiles and Policy Rules
DoS Protection Profiles and Policy Rules DoS protection profiles and DoS protection policy rules combine to protect specific areas of your network against packet flood ...
Flood Protection A zone protection profile with flood protection configured defends an entire ingress zone against SYN, ICMP, ICMPv6, UDP, and other IP floods. The ...