An engineer is configuring Packet Buffer Protection on ingress zones to protect from single-session DoS attacks. Which sessions does Packet Buffer Protection apply to?
Packet Buffer Protection applies to existing sessions and it is global. This feature is designed to defend against single-session Denial of Service (DoS) attacks by monitoring and protecting the packet buffer resources for all zones globally. It does not specifically target new sessions and its configuration is not limited to individual zones but rather covers all zones when enabled.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/packet-buffer-protection
B is the correct answer. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/packet-buffer-protection
B Global and applies to existing sessions.
Packet Buffer Protection applies to existing sessions and is global. Correct
Indeed, the doc says "existing sessions and global", but in reality, PBP applies to existing and new sessions. PBP measures connections per second and can drop packets of new sessions or discard existing sessions should they consume too many buffers. Basically, the doc is wrong, but for the PCNSE, we should of course answer "While zone and DoS protection apply to new sessions (connections) and are granular, Packet Buffer Protection applies to existing sessions and is global." If only globally applied, PBP drops packets using RED. When applied in a zone, it can also block (with the "block countdown threshold") for an amount of time.
PBP applies to existing sessions. It is enabled globally and if enabled globally can also be applied to zones.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/packet-buffer-protection Yes, Buffer Protection can apply on each zone. But the doc says "You must enable Packet Buffer Protection globally in order for it to be active in zones." So there must be a global rule already made. Thus I chose B.
Answer is B. Although you don’t configure Packet Buffer Protection in a Zone Protection profile or in a DoS Protection profile or policy rule, Packet Buffer Protection defends ingress zones. While zone and DoS protection apply to new sessions (connections) and are granular, Packet Buffer Protection applies to existing sessions and is global.
It applies to existing sessions. It is not global; yes, there is a global control, but there is also a zone control, so it can be disabled on some zones. Correct answer is A.
What about the "on ingress zones" part of the question? Shouldn't the answer be A?