Session Packet Buffer Protection
To protect your firewall and network from single source denial of service (DoS) attacks that can overwhelm its packet buffer and cause legitimate traffic to drop, you can configure packet buffer protection. Packet buffer protection settings are configured globally and then applied per ingress zone. The firewall monitors how sessions utilize the packet buffer and then takes action against the session if it exceeds a configured percentage of utilization. As the various thresholds are met, the firewall takes increasingly severe action against the offending session or IP address. In addition to monitoring the buffer utilization of individual sessions, packet buffer protection can also block an IP address if certain criteria are met. While the firewall monitors the packet buffers, if it detects a source IP address rapidly creating sessions that would not individually be seen as an attack, action is taken against that address. Packet Buffer Protection helps protect from attacks or abusive traffic that causes system resources to back up and cause legitimate traffic to be dropped. To view top sessions resource usage. show running resource-monitor ingress-backlogs Alert Logs are seen in System logs and discarded sessions and blocked IP addresses are seen in Threat Logs. SNMP MIBs from Pan OS 8.0 also have coverage for this feature.
