is there a way to create a rule like this?
( session_end_reason eq aged-out ) and ( zone.dst eq SERVER ) and ( app eq incomplete ) and ( rule eq MY OUTSIDE RULE ) and ( bytes eq 308 )
block the IP for 300 seconds
not like that, but you can enable zone protection with syn cookies and tweak reconnaissence / packet based attacks to prevent odd connections like this from ever reaching the policy
Yes I agree with you but I have some problems with DoS Protection.
Can you read my post here https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Discussions/Tcp-flood/td-p/182561 and help me?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!