Palo Alto Networks Knowledgebase: Differences between DoS Protection and Zone Protection

Created On 02/07/19 23:58 PM - Last Updated 02/07/19 23:58 PM
Threat Intelligence Threat Prevention
Resolution

A DoS protection policy can be used to accomplish some of the same things a Zone protection policy does, but there are a few key differences:

  • A major difference is that a DoS policy can be classified or aggregate, whereas Zone protection policies can be aggregate only.
    • A classified profile allows the creation of a threshold that applies to a single source IP.

      For example, a max session rate per IP can be created for all traffic matching the policy, and that single IP address is then blocked once the threshold is triggered.

    • An aggregate profile allows the creation of a max session rate for all packets matching the policy. The threshold applies to the new session rate for all IPs combined. Once the threshold is triggered, it affects ALL traffic matching the policy.
  • Zone protection policies allow the use of flood protection and have the ability to protect against port scanning/sweeps and packet-based attacks. A few examples are IP spoofing, fragments, overlapping segments, and reject tcp-non-syn.
  • Zone protection profiles may have less performance impact since they are applied pre-session and don’t engage the policy engine.
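
To make the classified versus aggregate distinction concrete, the following added example (not from the Palo Alto Networks article, and not PAN-OS code) models a max new-session rate as a simple per-second counter and reports whose sessions are dropped in each mode. The function name `evaluate`, the threshold of 5 and the sample sessions are assumptions constructed for illustration; block duration and the firewall's actual rate algorithm are not modelled.

```python
from collections import Counter, defaultdict

# Constructed sample: one (second, source_ip) tuple per new session that
# matches the policy. 198.51.100.7 opens 8 sessions per second for 3 seconds;
# two other sources open 1 session per second each.
SAMPLE_SESSIONS = [
    (sec, ip)
    for sec in range(3)
    for ip in ["198.51.100.7"] * 8 + ["192.0.2.10", "192.0.2.20"]
]


def evaluate(sessions, max_rate, classified):
    """Return {source_ip: dropped_new_sessions} for a simplified rate model.

    classified=True  -> one counter per source IP per second, so only the
                        source that exceeds max_rate is affected.
    classified=False -> one counter per second shared by all sources
                        (aggregate); once it is exceeded, every further
                        matching session in that second is dropped.
    """
    counters = defaultdict(int)  # counter key -> sessions seen so far
    dropped = Counter()
    for sec, ip in sessions:
        key = (sec, ip) if classified else sec
        counters[key] += 1
        if counters[key] > max_rate:
            dropped[ip] += 1
    return dict(dropped)


if __name__ == "__main__":
    for mode, flag in (("classified", True), ("aggregate", False)):
        print(mode, evaluate(SAMPLE_SESSIONS, max_rate=5, classified=flag))
```

With the same threshold, the classified run drops sessions only from the noisy source, while the aggregate run also drops sessions from the two low-rate sources because they share the single counter.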

owner: jteetsel


