Why is THREAT ALERT : critical : 0.0.0.0 -> 0.0.0.0 Session Limit Event(8801) drop generated?

Created On 08/16/22 18:42 PM - Last Modified 11/11/25 23:34 PM


Question


In what situation does the threat log generate the "critical : 0.0.0.0 -> 0.0.0.0 Session Limit Event(8801) drop" event?

Environment


  • PAN-OS
  • DoS Protection Profile
  • DoS Protection Policy


Answer


This event occurs when the maximum allowed number of concurrent sessions for a DoS profile has been reached and the action is set to SYN Cookies. The type of flood indicates that you have configured the Flood Protection option within the profile. The 'Protect' action in a DoS rule enforces the rate limits specified in the Aggregate (all matching traffic, 0.0.0.0) or Classified (specific source IP addresses, destination IP addresses, or both) profile, and it is the recommended action to avoid dropping legitimate traffic.

The relevant DoS Protection rule is also logged in the threat log.

Deploy DoS and Zone Protection Using Best Practices (https://docs.paloaltonetworks.com/best-practices/10-1/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/deploy-dos-and-zone-protection-using-best-practices)
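
A triage sketch for alert lines in the format shown in this article's title, added here as an example (not Palo Alto Networks code): it keeps only Session Limit Event(8801) and groups the hits by whether both addresses are 0.0.0.0. The sample lines are constructed, and treating any address other than 0.0.0.0 as a Classified profile hit is an assumption based on the description above.

```python
import re
from collections import Counter

# Alert text format taken from this article's title.
ALERT_RE = re.compile(
    r"THREAT ALERT\s*:\s*(?P<severity>\w+)\s*:\s*"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s*->\s*(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<name>.+?)\((?P<threat_id>\d+)\)\s+(?P<action>\S+)"
)
SESSION_LIMIT_ID = 8801
UNSPECIFIED = "0.0.0.0"

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not a threat alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["name"] = fields["name"].strip()
    fields["threat_id"] = int(fields["threat_id"])
    return fields

def profile_scope(alert):
    """Assumption: 0.0.0.0 on both sides is an Aggregate profile hit,
    any concrete address is a Classified profile hit."""
    if alert["src"] == UNSPECIFIED and alert["dst"] == UNSPECIFIED:
        return "aggregate"
    return "classified"

def summarize(lines):
    """Count Session Limit Event(8801) alerts per (scope, src, dst)."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert and alert["threat_id"] == SESSION_LIMIT_ID:
            counts[(profile_scope(alert), alert["src"], alert["dst"])] += 1
    return counts

# Constructed sample lines (not firewall output); addresses are documentation ranges.
SAMPLE = [
    "THREAT ALERT : critical : 0.0.0.0 -> 0.0.0.0 Session Limit Event(8801) drop",
    "THREAT ALERT : critical : 0.0.0.0 -> 0.0.0.0 Session Limit Event(8801) drop",
    "THREAT ALERT : critical : 198.51.100.7 -> 0.0.0.0 Session Limit Event(8801) drop",
    "THREAT ALERT : high : 203.0.113.9 -> 192.0.2.10 Constructed Other Event(99999) alert",
    "unrelated line",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

A steady count in the aggregate bucket points at the profile's overall session limit, so the next step is the DoS Protection rule named in the same threat log entry.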

 


