Question

Packets are dropped due to Threat ID 8507 as per threat logs. Why does the detailed threat logs show no security rule or association in its threat logs?

Environment

Any Palo Alto Firewall.
Flood protection configured.
PAN-OS 8.0 and above.

Answer

Thread ID 8507 indicates the flood detection for packet buffer protection drop (PBP Packet Drop). Since this detection is triggered upon reaching or exceeding the configured packet buffer threshold. This flood is not associated with the single rule because the packet buffers are an aggregated session in the Firewall or zone.
Hence, the threat logs have type flood and TID 8507, however, no security rule is attached to it.
Global PBC configuration settings can be tuned at GUI: Device >Setup >Session Settings > Packet Buffer Protection.

NOTE: Change the activation rate higher if the activation rate is very low or lower than the Alert rate.

Additional Information

What are the Threat IDs for Scan and Flood associated with Zone Protection?

What effect does Packet Buffer Protection have if it is enabled globally but not enabled on Zones?

Why does the threat id 8507 not get associated with security policy

Question

Environment

Answer

Additional Information

What are the Threat IDs for Scan and Flood associated with Zone Protection?

What effect does Packet Buffer Protection have if it is enabled globally but not enabled on Zones?

Other users also viewed: