Protect network zones and critical devices from flood
attacks, reconnaissance, packet-based attacks, and non-IP protocol-based
attacks.
Segmenting the network into functional and organizational
zones reduces the network’s attack surface—the portion of the network
exposed to potential attackers. Zone protection defends network
zones against flood attacks, reconnaissance attempts, packet-based
attacks, and attacks that use non-IP protocols. Tailor a Zone Protection
profile to protect each zone (you can apply the same profile to
similar zones). Denial-of-service (DoS) protection defends specific
critical systems against flood attacks, especially devices that
user access from the internet such as web servers and database servers,
and protects resources from session floods. Tailor DoS Protection
profiles and policy rules to protect each set of critical devices.
Visit the
Best Practices documentation
portal to get a checklist of Zone Protection and DoS Protection
best practices.