Session Packet Buffer Protection

Printer Friendly Page

Session Packet Buffer Protection

 

 

To protect your firewall and network from single source denial of service (DoS) attacks that can overwhelm its packet buffer and cause legitimate traffic to drop, you can configure packet buffer protection. Packet buffer protection settings are configured globally and then applied per ingress zone. The firewall monitors how sessions utilize the packet buffer and then takes action against the session if it exceeds a configured percentage of utilization. As the various thresholds are met, the firewall takes increasingly severe action against the offending session or IP address. In addition to monitoring the buffer utilization of individual sessions, packet buffer protection can also block an IP address if certain criteria are met. While the firewall monitors the packet buffers, if it detects a source IP address rapidly creating sessions that would not individually be seen as an attack, action is taken against that address. Packet Buffer Protection helps protect from attacks or abusive traffic that causes system resources to back up and cause legitimate traffic to be dropped. To view top sessions resource usage. show running resource-monitor ingress-backlogs Alert Logs are seen in System logs and discarded sessions and blocked IP addresses are seen in Threat Logs. SNMP MIBs from Pan OS 8.0 also have coverage for this feature.

 

For additional resources regarding BPA, visit our LIVEcommunity BPA tool page.
View videos regarding BPA Network best practice checks.
View videos regarding BPA Policies best practice checks.
View videos regarding BPA Objects best practice checks.
View videos regarding BPA Device best practice checks.
You may also view other BPA video playlist on the LIVEcommunity YouTube channel.
Ask Questions Get Answers Join the Live Community
Version history
Revision #:
1 of 1
Last update:
‎07-07-2020 09:06 AM
Updated by:
 
Labels
Contributors