Defend your zones against packet based attacks.
Where Can I Use
This? | What Do I Need? |
A Zone Protection profile configured for packet-based attacks check IPv4, TCP, ICM, and ICMPv6
packet headers and enable you to specify whether to drop packets that have
undesirable characteristics or to strip characteristics from packets before
admitting them to the zone.
For example, you can drop TCP SYN and SYN-ACK packets
that contain data in the payload during a TCP three-way handshake.
A Zone Protection profile by default is set to drop SYN and SYN-ACK
packets with data.