https://live.paloaltonetworks.com/t5/general-topics/please-help-clarify-about-action-of-dos-protection-policy/m-p/464371#M102488 <P>Hi</P><P>&nbsp;</P><P>Thank you for your detail.&nbsp;</P> Wed, 09 Feb 2022 04:50:30 GMT Jitaphon 2022-02-09T04:50:30Z https://live.paloaltonetworks.com/t5/general-topics/please-help-clarify-about-action-of-dos-protection-policy/m-p/464164#M102452 <P>We understand DoS protection works when we set action Protect.</P><P>&nbsp;</P><P>We need to know the benefits to setting action Allow and Deny.</P><P>&nbsp;</P><P>Because we think that option is the same as normal security policy.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jitaphon_0-1644319100938.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39015iF954100D6F687663/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Jitaphon_0-1644319100938.png" alt="Jitaphon_0-1644319100938.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>Thank you.</P> Tue, 08 Feb 2022 11:18:31 GMT https://live.paloaltonetworks.com/t5/general-topics/please-help-clarify-about-action-of-dos-protection-policy/m-p/464164#M102452 Jitaphon 2022-02-08T11:18:31Z https://live.paloaltonetworks.com/t5/general-topics/please-help-clarify-about-action-of-dos-protection-policy/m-p/464231#M102468 <P>Hello there.</P> <P>&nbsp;</P> <P>DoS policies are evaluated before security policies, if you truly follow the PANW flow logic.</P> <P>If true, then the DoS policies are extremely beneficial to protect your network.</P> <P>&nbsp;</P> <P>Example:&nbsp; Some companies want to block the EDLs (the 4 built in external dynamic lists), and they put them into the security policies, to typically DENY access.</P> <P>&nbsp;</P> <P>Why not use a DoS policy with the DENY function.&nbsp; This way, if any IP from the 4 EDLs attempt to connect to the FW (before a session is created) the action in DoS can be DENY.</P> <P>&nbsp;</P> <P>Now, there will always be workarounds, perhaps, the company wants to block foreign countries (example, block non-USA sourced traffic), and then some employees go on vacation to Mexico, and need access to GP.</P> <P>&nbsp;</P> <P>Well, then you could create an ALLOW rule, above your non-foreign country rule, to allow MEX to try and establish a session.&nbsp;</P> <P>&nbsp;</P> <P>In summary, I have provided both a DENY and an ALLOW explanations.</P> Tue, 08 Feb 2022 15:33:30 GMT https://live.paloaltonetworks.com/t5/general-topics/please-help-clarify-about-action-of-dos-protection-policy/m-p/464231#M102468 S.Cantwell 2022-02-08T15:33:30Z https://live.paloaltonetworks.com/t5/general-topics/please-help-clarify-about-action-of-dos-protection-policy/m-p/464371#M102488 <P>Hi</P><P>&nbsp;</P><P>Thank you for your detail.&nbsp;</P> Wed, 09 Feb 2022 04:50:30 GMT https://live.paloaltonetworks.com/t5/general-topics/please-help-clarify-about-action-of-dos-protection-policy/m-p/464371#M102488 Jitaphon 2022-02-09T04:50:30Z