When configuring a Zone Protection profile, in which section (protection type) would an NGFW engineer configure options to protect against activities such as spoofed IP addresses and split handshake session establishment attempts?
In a Zone Protection profile, the Packet-Based Attack Protection section is specifically designed to defend against threats such as spoofed IP addresses and split handshake session establishment attempts. This section allows you to configure the firewall to drop or strip packets with undesirable characteristics across various protocols, including IP, TCP, ICMP, IPv6, and ICMPv6.
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/zone-protection-and-dos-protection/configure-zone-protection-to-increase-network-security/configure-packet-based-attack-protection
The firewall can drop IP packets that contain specific header options or are malformed.
Some packet-based attack protection recommendations apply somewhat equally to all organizations. For example, prevent IP address spoofing in security zones by selecting Spoofed IP address from the Packet based protection tab
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mirko1976
1 month, 1 week agoMohamed_Waly
1 month, 2 weeks ago