Enable Packet Buffer Protection BPA Checks

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
Retired Member
Not applicable
No ratings

Zones - Enable Packet Buffer Protection - Interpreting BPA Checks - Network


Packet buffer protection defends the firewall from single session denial-of-service DoS attacks. The Enable Packet Buffer Protection best practice check ensures packet buffer protection is enabled on each zone.


Why is the Enable Packet Buffer Protection check important?

A single session on a firewall can consume packet buffers at a high volume. These attacks flood the target to consume all of the target's available resources until the target becomes unavailable. However, if zone protection on the packet buffer is enabled, the firewall will monitor high buffer utilization and take action if an abusive session is detected.


For more information on how to Enable Packet Buffer Protection, please review the following article:

Packet Buffer Protection (TechDocs - PAN-OS® Administrator’s Guide)


For additional resources regarding BPA, visit our LIVEcommunity BPA tool page.
View videos regarding BPA Network best practice checks.
View videos regarding BPA Policies best practice checks.
View videos regarding BPA Objects best practice checks.
View videos regarding BPA Devices best practice checks.
You may also view other BPA video playlist on the LIVEcommunity YouTube channel.
Rate this article: