02-08-2022 03:15 AM - edited 02-08-2022 03:18 AM
We understand DoS protection works when we set the action to Protect.
We need to know the benefits of setting the action to Allow and Deny,
because we think those options are the same as a normal security policy.
Thank you.
02-08-2022 07:33 AM
Hello there.
DoS policies are evaluated before security policies, if you truly follow the PANW flow logic.
If true, then the DoS policies are extremely beneficial to protect your network.
Example: Some companies want to block the EDLs (the 4 built-in external dynamic lists), and they put them into the security policies, typically to DENY access.
Why not use a DoS policy with the DENY function? This way, if any IP from the 4 EDLs attempts to connect to the FW (before a session is created), the action in DoS can be DENY.
Now, there will always be workarounds, perhaps, the company wants to block foreign countries (example, block non-USA sourced traffic), and then some employees go on vacation to Mexico, and need access to GP.
Well, then you could create an ALLOW rule, above your non-foreign country rule, to allow MEX to try and establish a session.
In summary, I have provided both a DENY and an ALLOW explanation.
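A simplified model of the rule ordering described in the reply above, added here as an illustration; it is not PAN-OS code or configuration and is not from the poster. The rule names, address ranges and country mapping are constructed, the Protect action is not modelled, and the stage order (DoS rulebase first, then security rulebase) is taken from the reply.

```python
import ipaddress

# Constructed sample data (documentation ranges, not real EDL or geo-IP content).
EDL = [ipaddress.ip_network("203.0.113.0/24")]
GEO = {ipaddress.ip_network("198.51.100.0/25"): "US",
       ipaddress.ip_network("198.51.100.128/25"): "MX",
       ipaddress.ip_network("192.0.2.0/24"): "FR"}

def country(ip):
    """Look up the (constructed) country code for a source address."""
    for net, cc in GEO.items():
        if ip in net:
            return cc
    return "??"

# Hypothetical rules: (name, match predicate, action). First match wins in each rulebase.
DOS_RULES = [
    ("deny-edl", lambda ip: any(ip in n for n in EDL), "deny"),
    ("allow-mx", lambda ip: country(ip) == "MX", "allow"),
    ("deny-non-us", lambda ip: country(ip) != "US", "deny"),
]
SEC_RULES = [
    ("allow-gp", lambda ip, port: port == 443, "allow"),
    ("default-deny", lambda ip, port: True, "deny"),
]

def evaluate(src, port, dos_rules=DOS_RULES):
    """Return (stage, rule, verdict) for one connection attempt."""
    ip = ipaddress.ip_address(src)
    for name, match, action in dos_rules:
        if match(ip):
            if action == "deny":
                return ("dos", name, "drop")  # dropped before the security rulebase is consulted
            break  # allow: stop DoS evaluation, the security rulebase still decides
    for name, match, action in SEC_RULES:
        if match(ip, port):
            return ("security", name, "allow" if action == "allow" else "drop")

if __name__ == "__main__":
    for src, port in [("203.0.113.7", 443), ("198.51.100.200", 443),
                      ("198.51.100.200", 22), ("192.0.2.10", 443)]:
        print(src, port, evaluate(src, port))
```

In this model a DoS Allow only exempts the source from the later DoS Deny rule; the connection must still match an allow rule in the security rulebase, and placing `deny-non-us` above `allow-mx` drops the MX source at the DoS stage.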
02-08-2022 08:50 PM
Hi
Thank you for your detail.