Instructions for configuring DoS Protection on Palo Alto device

1.Overview

In this article, techbast will guide how to configure DoS Protection to protect the servers inside the system.

2.Diagram

Details:

  • Internet is connected at port E1/1 of Untrust zone with IP 14.16.x.x.
  • The LAN is configured at port E1/2 of the LAN zone with IP 10.145.41.1/24 and configured as a DHCP Server.
  • AD Server is connected to port E1/2 and has IP 10,145.41.10/24.

3.Scenario

Techbast will guide you on how to configure the DoS Protection feature to protect against DoS attacks that usually target service servers.

4.What to do

  • Create Custom DoS Protection Profile
  • Create DoS Protection policy

5.Configuration

5.1.Create Custom DoS Protection Profile

Go to Objects > DoS Protection and create the following parameters:

SYN Flood tab:

  • Name: SYN_Flood_Protection
  • SYN Flood: select
  • Alarm Rate (connections/s): 30
  • Activate Rate (connections/s): 100
  • Max Rate (connections/s): 1000
  • Block Duration (s): 300

ICMP Flood tab:

  • ICMP Flood: select
  • Alarm Rate (connections/s): 100
  • Activate Rate (connections/s): 1000
  • Max Rate (connections/s): 4000
  • Block Duration (s): 300

Click OK to save the DoS Protection Profile panel.

Click Commit and OK to save the configuration changes.

5.2.Create DoS Protection policy

Go to Policies > DoS Protection.

Click Add and create according to the following parameters:

General tab:

  • Name: Dos_Protect

Source tab:

  • Source Zone: select untrust

Destination tab:

  • Destination Zone: select LAN

Option/Protection tab:

  • Chọn Any in Service
  • Action: chọn Protect
  • Aggregate: select SYN_Flood_Protection
  • Click OK to save

Click Commit to save the configuration changes.

So we have completed configuring DoS Protection on the Palo Alto device to prevent DoS attacks on the service server container.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.