06-07-2017 02:04 PM
We are thinking of creating a DoS rule and I was wondering what the group thinks of this rule and what effect it would have.
06-07-2017 02:11 PM
I like this article. This requires planning a bit........:
06-07-2017 02:18 PM
Action "deny" does exactly what it says - it denies traffic.
Same as you block in security policy.
Don't enable this rule.
What you want to do is to "protect"
06-08-2017 06:02 AM
So basically, without a profile attached to this rule, it is going to deny all traffic coming from the outside zone as a source to the destination zones of DMZ, net-services and working. So my question is why there is an option to do this without a profile, either to deny or block; seems like protect should be your only option.
06-08-2017 06:03 AM
Yes, I downloaded that and I do think it's a good article, thanks. So is anyone doing DoS protection, and how is it working for you?
06-08-2017 06:04 AM
I don't know why there is a deny option.
I guess it is assumed you have a DoS profile in place, and if you fall under attack and suddenly want to block this traffic completely you can do so.
But yes, this option will just deny like security policy.
06-08-2017 06:10 AM
Thanks, that's exactly what I thought too 🙂
06-08-2017 07:09 AM
Are you using DoS protection on your firewall? Can you add DoS protection as a profile onto your policies? I don't see a way to do that, or do they stand alone?
06-08-2017 07:18 AM - edited 06-08-2017 07:19 AM
@Raido_Rattameister wrote: I don't know why there is a deny option.
I guess it is assumed you have a DoS profile in place, and if you fall under attack and suddenly want to block this traffic completely you can do so.
But yes, this option will just deny like security policy.
It's not exactly the same as security policies ... at least on more powerful hardware with FPGAs (I don't know exactly which hardware has specific FPGAs and for what features) ...
because DoS policies are processed first, so if you are under attack or want to drop a lot of traffic for another reason, doing this with DoS policies will affect your DP processor much less than dropping the traffic in later stages of the packet processing (security policy).
06-08-2017 07:38 AM
So it isn't added as a profile to an existing policy, but is hit first and then goes to the policies.