apfelscruffs_38
Feb 06, 2019Nimbostratus
DoS Profile (ASM) - Rate limiting implementation
ASM has a DoS profile with TPS-based detection, by Device IP. Offenders can be rate limited.
How does this rate limiting apply? Is it layer 4 or layer 7? If TCP, does it drop TCP packets (no ACK) or does it drop the TCP connection?
This is not described in the documentation and different implementations would have very different impact for legitimate users who are flagged as offenders (false positives).