Handling of Fragmented Traffic to check for Vulnerability

Created On 09/26/18 13:50 PM - Last Modified 06/06/23 02:45 AM


Resolution


Overview

The firewall can recognize attacks carried in fragmented packets. It does this as follows:

  • Buffers the fragments
  • Reassembles them
  • Checks for any vulnerability
  • Fragments the traffic again and sends it out

The fragmented packets sent out may not exactly match the fragmented packets that came in, especially if packets were received out of order.

If the buffer gets full, there is an option to either allow the fragmented traffic or drop it.

This can be set from the CLI, in configuration mode, with the command:

# set deviceconfig setting tcp bypass-exceed-oo-queue <yes|no>
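The sequence above, sketched as an added example (not Palo Alto Networks code): a toy inspector that buffers fragments, reassembles them, scans the whole payload for a signature that no single fragment contains, and re-fragments clean traffic at its own size. FragmentInspector, SIGNATURE, max_buffered and bypass_when_full are hypothetical names, the sample payloads are constructed, and fragments are assumed not to overlap.

```python
from dataclasses import dataclass, field

SIGNATURE = b"EVIL-PATTERN"  # constructed stand-in for a threat signature

def fragment(data, size):
    """Split data into (offset, payload, more_fragments) tuples."""
    return [(i, data[i:i + size], i + size < len(data)) for i in range(0, len(data), size)]

@dataclass
class FragmentInspector:            # hypothetical name, not a PAN-OS component
    max_buffered: int = 8           # fragments held before the buffer counts as full
    bypass_when_full: bool = False  # True: forward uninspected, False: drop
    out_size: int = 8               # payload bytes per fragment sent out
    buffer: dict = field(default_factory=dict)  # offset -> payload
    total: int = -1                 # datagram length, known once the last fragment arrives

    def receive(self, offset, payload, more_fragments):
        """Handle one incoming fragment; return (verdict, fragments_sent_out)."""
        if len(self.buffer) >= self.max_buffered:  # buffer full: the policy decides
            pending = sorted(self.buffer.items()) + [(offset, payload)]
            self.buffer, self.total = {}, -1
            return ("bypass", pending) if self.bypass_when_full else ("drop", [])
        self.buffer[offset] = payload
        if not more_fragments:
            self.total = offset + len(payload)
        data = self._reassemble()
        if data is None:
            return "buffered", []
        self.buffer, self.total = {}, -1
        if SIGNATURE in data:  # inspection runs on the reassembled payload
            return "block", []
        return "forward", [(o, p) for o, p, _ in fragment(data, self.out_size)]

    def _reassemble(self):
        """Return the full payload once every byte is present, else None."""
        if self.total < 0:
            return None
        data = b""
        for off in sorted(self.buffer):
            if off != len(data):  # gap: an earlier fragment is still missing
                return None
            data += self.buffer[off]
        return data if len(data) == self.total else None

def run(inspector, frags):  # feed fragments in the given order, return the last result
    result = ("buffered", [])
    for off, payload, more in frags:
        result = inspector.receive(off, payload, more)
    return result
```

Feeding it 5-byte fragments in reverse order shows both points from the text: the signature is only visible after reassembly, and clean traffic leaves in 8-byte fragments that do not match what came in.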

 

owner: mbutt


