https://live.paloaltonetworks.com/t5/advanced-threat-prevention/packet-buffer-protection-pbp/m-p/1229172#M2446 <P>We are receiving multiple alerts for Packet Buffer Protection (PBP) being triggered on internal-to-internal and internal-to-external traffic. My understanding is that PBP is primarily intended to protect against DoS attacks, which are typically external-to-internal in nature.<BR />Is it expected behavior for PBP to be triggered by internal-to-internal or internal-to-external traffic? Should PBP be configured to monitor all traffic directions, or is it best practice to apply it mainly for external-to-internal flows? Any insight or recommendations would be appreciated.</P> Thu, 15 May 2025 18:19:26 GMT User_707 2025-05-15T18:19:26Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/packet-buffer-protection-pbp/m-p/1229172#M2446 <P>We are receiving multiple alerts for Packet Buffer Protection (PBP) being triggered on internal-to-internal and internal-to-external traffic. My understanding is that PBP is primarily intended to protect against DoS attacks, which are typically external-to-internal in nature.<BR />Is it expected behavior for PBP to be triggered by internal-to-internal or internal-to-external traffic? Should PBP be configured to monitor all traffic directions, or is it best practice to apply it mainly for external-to-internal flows? Any insight or recommendations would be appreciated.</P> Thu, 15 May 2025 18:19:26 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/packet-buffer-protection-pbp/m-p/1229172#M2446 User_707 2025-05-15T18:19:26Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/packet-buffer-protection-pbp/m-p/1229257#M2447 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/953534295">@User_707</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thanks for info, It's completely depends on environment and requirements. You can configure it for internal-internal or internal-to-external traffic.</P> <P><BR />You can refer the below docs for more details:<BR /><BR /></P> <P><SPAN>DoS and Zone Protection Best Practices</SPAN></P> <P><SPAN><A href="https://docs.paloaltonetworks.com/best-practices/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/deploy-dos-and-zone-protection-using-best-practices" target="_blank">https://docs.paloaltonetworks.com/best-practices/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/deploy-dos-and-zone-protection-using-best-practices</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>Baseline CPS Measurements for Setting Flood Thresholds</SPAN></P> <P><SPAN><A href="https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresholds" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresholds</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>Zone protection profiles</SPAN></P> <P><SPAN><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clm9CAC" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clm9CAC</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>How to Measure CPS</SPAN></P> <P><SPAN><A href="https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresholds/how-to-measure-cps" target="_blank">https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresholds/how-to-measure-cps</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>How to Verify if Zone Protection is Working</SPAN></P> <P><SPAN><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhzCAC" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhzCAC</A></SPAN></P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/packet-buffer-protection" target="_blank">https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/packet-buffer-protection</A></P> Fri, 16 May 2025 09:37:33 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/packet-buffer-protection-pbp/m-p/1229257#M2447 mshekh 2025-05-16T09:37:33Z