Is it possible to limit concurrent session per source IP?

cancel
Showing results for 
Search instead for 
Did you mean: 

Is it possible to limit concurrent session per source IP?

Not applicable

Hello,

I have a PAN-2050 installed in vitual wire reaching max concurrent session  (262143) and discarding sessions in peak hours unable to create new sessions. I would like to know if it is possible to configure or create a rule to limit the max concurrent session per source IP. Or maybe per appication.

I couldn´t find information abour that in Admin or Command Guide. Does anybody have experience with similar issue?

Thanks.

17 REPLIES 17

What a shame! 😞

Even Netfilter do DstIP/port based rate limiting.

Anyway, thanks for your fast response! 😉

Hi iceman,

this is from the RN of the upcoming PAN-OS 4:

DoS Protection Rulebase – Complementing the existing Zone Protection Profiles, a new Denial
of Service rulebase and corresponding DoS Protection Profile have been added to provide more
granular and proactive protection from DoS attacks.

rgds Roland

iceman wrote:

What a shame! 😞

Even Netfilter do DstIP/port based rate limiting.

Anyway, thanks for your fast response! 😉

PAN-OS has had SRC/DST/port based rate limiting for quite some time now.  The next release will also allow SRC/DST/port based session and flood control.  In addition, this will be available for the aggregate of traffic identified in a rule or classified per single source, destination, or combination of both hitting a rule.

Cheers,

Kelly

Great!

My goal is to identify and limit DoS Attack to my DNS Servers.

Today the Zone Protection Profile make me able to protect per dst zone, not per single Dst IP address.

Do you suggest me anything else to achieve this goal?

I'm looking forward to seeing 4.0 release for the new feature!

Thanks

Not applicable

Hi guys,

thanks everybody for your help. Finally I was talking with PaloAlto Spain representaves.They told me PAN 4.0 will be released february 20, and as you said, it will be possible to create a DoS policy to limit sessions per Src-IP, Dest-IP, and also by protocols TCP/UDP/ICMP . I hope this will solve my problem because 80% of my sessions are UDP.

What I couldn´t find is Relesae Notes of PAN 4.0. Does anybody knows where can I donwload it?

Thanks.

PANOS 4.0 release notes will be made available concurrently with the software release.

Hi all,

Would you know where can find the DOS Protect alarm log ?

I crated a DOS Policy in Nice beta & generate a lot of session to hit DOS Rule alarm threshold but can't found any alarm log...

regard,

Bruce

The logs for DoS protection should show up in the threat logs.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!