Zones - Enable Packet Buffer Protection - Interpreting BPA Checks
Packet buffer protection defends the firewall from single session denial-of-service DoS attacks. The Enable Packet Buffer Protection best practice check ensures packet buffer protection is enabled on each zone.
Why is the Enable Packet Buffer Protection check important?
A single session on a firewall can consume packet buffers at a high volume. These attacks flood the target to consume all of the target's available resources until the target becomes unavailable. However, if zone protection on the packet buffer is enabled, the firewall will monitor high buffer utilization and take action if an abusive session is detected.
For more information on how to Enable Packet Buffer Protection, please review the following article:
Packet Buffer Protection (TechDocs - PAN-OS® Administrator’s Guide)
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/packet-buffer-protection
Comments
Post a Comment