Hello @NeonNetSec
Palo Alto does not focus on DDoS mitigation: Defending from DoS and volumetric DDoS attacks. The only exception is zone protection, but this is a basic feature. Building any solution on-premise will not protect you against volumetric DDoS attacks as your lines will get clogged before your on-premise devices could mitigate the attack. If you are protecting entire infrastructure, then I would be looking into scrubbing center (Either purchase this service or built your private one). If you are protecting web services, I would be looking into WAF solution. Alternative to these would be asking your ISP to enable DDoS protection on their side on ISP level.
Kind Regards
Pavel
... View more