paloaltonetworks:configuration:dos_protection
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| paloaltonetworks:configuration:dos_protection [2020/06/10 12:14] – created bstafford | paloaltonetworks:configuration:dos_protection [2022/11/23 12:49] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== DoS Protection Profiles ====== | ====== DoS Protection Profiles ====== | ||
| + | Remember, you should not have TCP-SYN enabled on both Zone Protection and DoS policies at the same time. | ||
| + | |||
| + | |||
| Remember, for DoS Protection Profiles, firewalls with multiple dataplane processors (DPs) distribute connections across DPs. In general, the firewall divides the CPS threshold settings equally across its DPs. For example, if a firewall has five DPs and you set the Alarm Rate to 20,000 CPS, each DP has an Alarm Rate of 4,000 CPS (20,000 / 5 = 4,000), so if the new sessions on a DP exceeds 4,000, it triggers the Alarm Rate threshold for that DP. | Remember, for DoS Protection Profiles, firewalls with multiple dataplane processors (DPs) distribute connections across DPs. In general, the firewall divides the CPS threshold settings equally across its DPs. For example, if a firewall has five DPs and you set the Alarm Rate to 20,000 CPS, each DP has an Alarm Rate of 4,000 CPS (20,000 / 5 = 4,000), so if the new sessions on a DP exceeds 4,000, it triggers the Alarm Rate threshold for that DP. | ||
paloaltonetworks/configuration/dos_protection.1591791261.txt.gz · Last modified: (external edit)