Please help clarify about action of DoS protection policy.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Please help clarify about action of DoS protection policy.

L1 Bithead

We understand DoS protection works when we set action Protect.

 

We need to know the benefits to setting action Allow and Deny.

 

Because we think that option is the same as normal security policy.

 

Jitaphon_0-1644319100938.png

 

 

Thank you.

2 REPLIES 2

Cyber Elite
Cyber Elite

Hello there.

 

DoS policies are evaluated before security policies, if you truly follow the PANW flow logic.

If true, then the DoS policies are extremely beneficial to protect your network.

 

Example:  Some companies want to block the EDLs (the 4 built in external dynamic lists), and they put them into the security policies, to typically DENY access.

 

Why not use a DoS policy with the DENY function.  This way, if any IP from the 4 EDLs attempt to connect to the FW (before a session is created) the action in DoS can be DENY.

 

Now, there will always be workarounds, perhaps, the company wants to block foreign countries (example, block non-USA sourced traffic), and then some employees go on vacation to Mexico, and need access to GP.

 

Well, then you could create an ALLOW rule, above your non-foreign country rule, to allow MEX to try and establish a session. 

 

In summary, I have provided both a DENY and an ALLOW explanations.

Help the community: Like helpful comments and mark solutions

Hi

 

Thank you for your detail. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!