Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ven
Explorer

Firewall Deny Vs Drop

Hi Experts,

Firewall deny vs Firewall Drop.  Out of two which consumes cpu resources or affects GW performance when looked at during an DoS scenario ?  

 

0 Kudos
3 Replies
Marcel_Gramalla
Collaborator

You mean "Block" vs "Drop" right? As block sends a connection refused it consumes more CPU and you can actually detect if there is something on that IP. Drop on the other hand just ends in a timeout.

Ven
Explorer

yes, question is about Block" vs "Drop.  Thanks for your quick response and info

0 Kudos
_Val_
Admin
Admin

Neither Deny nor Block are used in FW Network Security rules. You probably mean "Reject", right?

0 Kudos