How to Configure a Policy with DoS Protection to Protect Hosted Services
The Palo Alto Networks firewall is configured to host a service. For this example, the firewall is configured to perform destination NAT towards a web server in the Trust network. A policy is now needed for protection against DoS attacks.
1. Create a custom DoS Protection Profile
   - Navigate to Objects > DoS Protection
   - Click Add
   - Configure the DoS Protection Profile (see example below)
2. Create a DoS Protection Policy using the profile created in step 1.
   - Navigate to Policies > DoS Protection
   - Click Add to bring up a new DoS Rule dialog
   - Associate the DoS Protection profile created earlier
   - Set the action to Protect. Default action is Deny, which will deny all traffic matching this flow.
Note: The example from above reflects lab environment values for the thresholds. When deploying the setup in production, the values need to be in accordance with the traffic that the network is expected to handle.