The firewall maintains a block list of source IP addresses that it’s blocking. When the firewall blocks a source IP address, such as when you configure either of the following policy rules, the firewall blocks that traffic in hardware before those packets use CPU or packet buffer resources:

A classified DoS Protection policy rule with the action to Protect (a classified DoS Protection policy specifies that incoming connections match a source IP address, destination IP address, or source and destination IP address pair, and is associated with a Classified DoS Protection profile, as described in DoS Protection Against Flooding of New Sessions).

Hardware IP address blocking is supported on PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls.

You can view the block list, get detailed information about an IP address on the block list, or view counts of addresses that hardware and software are blocking. You can delete an IP address from the list if you think it shouldn’t be blocked. You can change the source of detailed information about addresses on the list. You can also change how long hardware blocks IP addresses.