Configure Packet Buffer Protection

You configure Packet Buffer Protection settings globally and then apply them per ingress zone. When the firewall detects high buffer utilization, the firewall only monitors and takes action against sessions from zones with packet buffer protection enabled. Therefore, if the abusive session is from a zone without packet buffer protection, the high packet buffer utilization continues. Packet buffer protection can be applied to a zone but it is not active until global settings are configured and enabled.
  1. Configure the global session thresholds.
    1. Select Device > Setup > Session.
    2. Edit the Session Settings.
    3. Select the Packet Buffer Protection check box to enable and configure the packet buffer protection thresholds.
    4. Enter a value for each threshold and timer to define the packet buffer protection behavior.
      • Alert (%)—When packet buffer utilization exceeds this threshold for more than 10 seconds, the firewall creates a log event every minute. The firewall generates log events when packet buffer protection is enabled globally. The default threshold is 50% and the range is 0% to 99%. If the value is 0%, the firewall does not create a log event.
      • Activate (%)—When packet buffer utilization exceeds this threshold, the firewall applies Random Early Drop (RED) to abusive sessions. The default threshold is 50% and the range is 0% to 99%. If the value is 0%, the firewall does not apply RED.
        The firewall records alert events in the System log and events for dropped traffic, discarded sessions, and blocked IP addresses in the Threat log.
      • Block Hold Time (sec)—The amount of time a RED-mitigated session is allowed to continue before the firewall discards it. By default, the block hold time is 60 seconds. The range is 0 to 65,535 seconds. If the value is 0, the firewall does not discard sessions based on packet buffer protection.
      • Block Duration (sec)—This setting defines how long a session remains discarded or an IP address remains blocked. The default is 3,600 seconds with a range of 1 second to 15,999,999 seconds.
    5. Click OK.
    6. Commit your changes.
  2. Enable packet buffer protection on an ingress zone.
    1. Select Network > Zones.
    2. Choose an ingress zone and click on its name.
    3. Select the Enable Packet Buffer Protection check box in the Zone Protection section.
    4. Click OK.
    5. Commit your changes.
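
The following check is an added example, not part of the original documentation or of PAN-OS: it audits a settings snapshot against the ranges, zero-value behavior, and global/zone dependency described above. The key names (enabled, alert_pct, activate_pct, block_hold_time_sec, block_duration_sec) and the sample data are hypothetical and constructed for illustration.

```python
# Added example: audits a constructed settings snapshot against the ranges and
# zero-value semantics documented above. Key names are hypothetical, not PAN-OS keys.

RANGES = {  # key: (min, max, default), as stated in the procedure above
    "alert_pct": (0, 99, 50),
    "activate_pct": (0, 99, 50),
    "block_hold_time_sec": (0, 65535, 60),
    "block_duration_sec": (1, 15999999, 3600),
}
ZERO_MEANS = {  # a value of 0 is valid but switches the behavior off
    "alert_pct": "no alert log events are created",
    "activate_pct": "RED is never applied",
    "block_hold_time_sec": "sessions are never discarded",
}

def audit(global_cfg, zones):
    """Return findings for a global config dict and a {zone_name: enabled} map."""
    findings = []
    enabled_globally = global_cfg.get("enabled", False)
    for key, (lo, hi, default) in RANGES.items():
        value = global_cfg.get(key, default)
        if not lo <= value <= hi:
            findings.append(f"{key}={value} is outside {lo}-{hi}")
        elif value == 0 and key in ZERO_MEANS:
            findings.append(f"{key}=0: {ZERO_MEANS[key]}")
    for zone, zone_enabled in sorted(zones.items()):
        if zone_enabled and not enabled_globally:
            # Zone setting alone has no effect until the global setting is enabled.
            findings.append(f"zone {zone}: enabled but inactive (global setting off)")
        elif enabled_globally and not zone_enabled:
            # Sessions entering through this zone are not monitored or mitigated.
            findings.append(f"zone {zone}: not monitored, abusive sessions are not mitigated")
    return findings

# Constructed sample input, not taken from a real firewall.
SAMPLE_GLOBAL = {"enabled": True, "alert_pct": 50, "activate_pct": 0,
                 "block_hold_time_sec": 60, "block_duration_sec": 0}
SAMPLE_ZONES = {"untrust": True, "dmz": False}

if __name__ == "__main__":
    for line in audit(SAMPLE_GLOBAL, SAMPLE_ZONES):
        print(line)
```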
