Session Packet Buffer Protection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
L4 Transporter
No ratings

Session Packet Buffer Protection

 

 

To protect your firewall and network from single source denial of service (DoS) attacks that can overwhelm its packet buffer and cause legitimate traffic to drop, you can configure packet buffer protection. Packet buffer protection settings are configured globally and then applied per ingress zone. The firewall monitors how sessions utilize the packet buffer and then takes action against the session if it exceeds a configured percentage of utilization. As the various thresholds are met, the firewall takes increasingly severe action against the offending session or IP address. In addition to monitoring the buffer utilization of individual sessions, packet buffer protection can also block an IP address if certain criteria are met. While the firewall monitors the packet buffers, if it detects a source IP address rapidly creating sessions that would not individually be seen as an attack, action is taken against that address. Packet Buffer Protection helps protect from attacks or abusive traffic that causes system resources to back up and cause legitimate traffic to be dropped. To view top sessions resource usage. show running resource-monitor ingress-backlogs Alert Logs are seen in System logs and discarded sessions and blocked IP addresses are seen in Threat Logs. SNMP MIBs from Pan OS 8.0 also have coverage for this feature.

 

For additional resources regarding BPA, visit our LIVEcommunity BPA tool page.
View videos regarding BPA Network best practice checks.
View videos regarding BPA Policies best practice checks.
View videos regarding BPA Objects best practice checks.
View videos regarding BPA Device best practice checks.
You may also view other BPA video playlist on the LIVEcommunity YouTube channel.
Rate this article:
  • 4577 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Contributors
Labels
Article Dashboard
Version history
Last Updated:
‎07-07-2020 09:06 AM
Updated by: